Skip to content

Configuring PHP / CURL root certificates on Windows Server

This post is about configuring PHP/CURL root certificates for a WordPress installation running on Windows Server 2008 R2 / IIS 7.5.

Yesterday I was trying to add an RSS feed to the AVBlocks Wiki Site and I got this error:

``` text WP HTTP Error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

In my case the [feed]( was coming from the [AVBlocks Group](!forum/avblocks) on Google. However, the Google Groups feeds are served via secure https:// protocol and that requires SSL for server-to-server communication. The problem is that WordPress uses *php\_curl*, and on a standard PHP installation of WordPress, *curl* does not come with the root certificate authorities installed.

Here is how to fix it:

1. You need to be running PHP 5.3.7 or later.
2. Download [mk-ca-bundle.vbs]( from the [Curl]( repository on GitHub.
3. Open a Command Prompt as Administrator and go to the directory in which you downloaded `mk-ca-bundle.vbs`.
4. Run `mk-ca-bundle.vbs`. Accept the default filename and do not include the text information for each certificate.
5. After running this you will end up with a file `ca-bundle.crt`.
6. Copy that to a known location, e.g. `{path}/ca-bundle.crt`.
7. Add `curl.cainfo={path}/ca-bundle.crt` to php.ini. See [PHP Runtime Configuration]( for more details: 

``` ini

; CURL Settings ;

8. Restart the IIS web site