Configuring PHP / CURL root certificates on Windows Server

September 05, 2013

This post is about configuring PHP/CURL root certificates for a WordPress installation running on Windows Server 2008 R2 / IIS 7.5.

Yesterday I was trying to add an RSS feed to the AVBlocks Wiki Site and I got this error:

WP HTTP Error: SSL certificate problem, verify that the CA cert is OK.
Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

In my case the feed was coming from the AVBlocks Group on Google. However, the Google Groups feeds are served via secure https:// protocol and that requires SSL for server-to-server communication. The problem is that WordPress uses php_curl, and on a standard PHP installation of WordPress, curl does not come with the root certificate authorities installed.

Here is how to fix it:

1. You need to be running PHP 5.3.7 or later.
2. Download mk-ca-bundle.vbs from the Curl repository on GitHub.
3. Open a Command Prompt as Administrator and go to the directory in which you downloaded mk-ca-bundle.vbs.
4. Run mk-ca-bundle.vbs. Accept the default filename and do not include the text information for each certificate.
5. After running this you will end up with a file ca-bundle.crt.
6. Copy that to a known location, e.g. {path}/ca-bundle.crt.
7. Add curl.cainfo={path}/ca-bundle.crt to php.ini. See PHP Runtime Configuration for more details:

[PHP]

;;;;;;;;;;;;;;;;;;;
; CURL Settings ;
;;;;;;;;;;;;;;;;;;;

curl.cainfo={path}/ca-bundle.crt

1. Restart the IIS web site

---