Skip to content

Configuring PHP / CURL root certificates on Windows Server

This post is about configuring PHP/CURL root certificates for a WordPress installation running on Windows Server 2008 R2 / IIS 7.5.

Yesterday I was trying to add an RSS feed to the AVBlocks Wiki Site and I got this error:

``` text WP HTTP Error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

In my case the [feed](https://groups.google.com/forum/feed/avblocks-support/msgs/rss.xml?num=3) was coming from the [AVBlocks Group](https://groups.google.com/forum/#!forum/avblocks) on Google. However, the Google Groups feeds are served via secure https:// protocol and that requires SSL for server-to-server communication. The problem is that WordPress uses *php\_curl*, and on a standard PHP installation of WordPress, *curl* does not come with the root certificate authorities installed.

Here is how to fix it:

1. You need to be running PHP 5.3.7 or later.
2. Download [mk-ca-bundle.vbs](https://raw.github.com/bagder/curl/master/lib/mk-ca-bundle.vbs) from the [Curl](https://github.com/bagder/curl/tree/master/lib) repository on GitHub.
3. Open a Command Prompt as Administrator and go to the directory in which you downloaded `mk-ca-bundle.vbs`.
4. Run `mk-ca-bundle.vbs`. Accept the default filename and do not include the text information for each certificate.
5. After running this you will end up with a file `ca-bundle.crt`.
6. Copy that to a known location, e.g. `{path}/ca-bundle.crt`.
7. Add `curl.cainfo={path}/ca-bundle.crt` to php.ini. See [PHP Runtime Configuration](http://php.net/manual/en/curl.configuration.php) for more details: 

``` ini
[PHP]

;;;;;;;;;;;;;;;;;;;
; CURL Settings ;
;;;;;;;;;;;;;;;;;;;

curl.cainfo={path}/ca-bundle.crt
8. Restart the IIS web site