composer: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Finally I found the answer 😃

First: Check certificate file location which will be in default_cert_file key, you will found it in openssl_get_cert_locations() its php openssl function:

$ php -r "print_r(openssl_get_cert_locations());"
Array
(
    [default_cert_file] => /opt/lampp/share/openssl/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => /opt/lampp/share/openssl/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => /opt/lampp/share/openssl/private
    [default_default_cert_area] => /opt/lampp/share/openssl
    [ini_cafile] => 
    [ini_capath] => 
)

Second: Download http://curl.haxx.se/ca/cacert.pem:

$ wget http://curl.haxx.se/ca/cacert.pem

Third: Copy certificate PEM file into default_cert_file location:

$ sudo mv cacert.pem /opt/lampp/share/openssl/cert.pem

My php-cli is under XAMPP and default_cert_file maybe point to some place that is different than this. I hope anything after that should goes fine with you brothers.

Hi, all.

I’ve fixed this issue doing the follow:

1º: Download the certificate:

wget http://curl.haxx.se/ca/cacert.pem --no-check-certificate

2º: Export it:

export COMPOSER_CAFILE='/home/user/cacert.pem'

The path need to be the same where you’ve downloaded the certificate in firts step.

3º: Run composer:

composer install

It works for me! 😄

Using Ubuntu 16.04 and php7, I could fix it by installing apt-get install ca-certificates And running update-ca-certificates

I am using windows 7 - 32 bit.

I also updated php.ini file to this after downloading cacert.pem file and restart apache but still I am having issue. Can anyone please help me?

I am using PHP Version 5.5.30.

extension=php_openssl.dll openssl.cafile = “C:\xampp\php\extras\openssl\cacert.pem”

One thing to check also is the date/time of your system: packagist uses letsencrypt certificates that are valid for 3 months and thus renewed every 3 months. If your system is out of sync by a few days, it could happen that the ssl certificate is not valid yet/not valid anymore. Just happened to me with a vagrant vm.

hi open https://packagist.org in your browser. Export all the certs. copy them /usr/local/ca-certificares. run update-ca-certifcates check if new crt is added if yes ur OK

I had the same issue and tried everything, including messing around with the certificate files.

Turned out to be Kapersky Antivirus…

Thanks to @marcovtwout on his comment on another thread

In FreeBSD 10.x, the trend is to now sym-link the nss cafile to /usr/local/etc/ssl/cert.pem. Previously, it was /etc/ssl/cert.pem. I found that on older machines the /etc/ssl link was still in place; but newer installs only had /usr/local/etc/ssl. Adding the symlink in the old location fixes the problem; but probably a better solution is to add:

openssl.cafile = /usr/local/etc/ssl/cert.pem

to your favorite /usr/local/etc/php/*.ini config until the php56 port catches up.

only install this yum install ca-certificates.noarch

I had the same issue for Ubuntu 16.10 with PHP 7.0 and here is what worked for me:

1. Download the certificate: wget http://curl.haxx.se/ca/cacert.pem --no-check-certificate

2. Configure composer to use that file: composer config --global cafile '<location of cafile>'

Thanks @mdolnik-eelzee !! I was trying to find solution for 3 hours… and when I found your post about Kaspersky… it saved my life!!

On Debian 8.6, using php 5.6, there is a missing file /usr/lib/ssl/cert.pem

In order to fix it download CA certs : wget http://curl.haxx.se/ca/cacert.pem

Then copy to /usr/lib/ssl/cert.pem, and you can use fsockopen with SSL.

Maybe an issue with openssl packaging or a missing dependency, but I couldn’t find /usr/lib/ss/cert.pem in Deb packages

Same here. Updating the cert and putting it in default_cert_file didn’t help. The date.timezone is set, too. I had to set openssl.cafile to the default_cert_file.