I might have to play around with this a bit. I am not sure where the cert is getting assigned to my version of PHP. I cannot find anything referencing cert or SSL in my /etc/php.ini or /etc/php.d, but openssl shows as a module when I do a 'php -m' and phpinfo() shows the following....
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version OpenSSL 1.0.1e-fips 11 Feb 2013
Following along in
https://forum.dokuwiki.org/thread/12273.......
1) I verified that my Redhat 6 instance has the some rpms installed, but noticed differences. Where I have listed <No such package>, I cannot pull this from my current yum repos for Redhat...
You Me
libcurl3 7.35.0-1ubuntu2.3 libcurl-7.19.7-40.el6_6.4.x86_64
libssl1.0.0 1.0.1f-1ubuntu2.8
<No such package>
php5-curl 5.5.9+dfsg-1ubuntu4.6
<No such package>
php5-cli 5.5.9+dfsg-1ubuntu4.6 php-cli-5.3.3-46.el6_6.x86_64
openssl 1.0.1f-1ubuntu2.8 openssl-1.0.1e-30.el6_6.11.x86_64
ssl-cert 1.0.33
<No such package>
2) That is my error! :-)
3) var_dump(openssl_get_cert_locations()); does not work. I get a blank screen.
I do not have an /opt/lampp, but I did notice that /etc/ssl/certs --> /etc/pki/tls/certs, and there was a ca-bundle.crt and ca-bundle.trust.crt file.
4) The command corresponds to the statement above...
# openssl version -d
OPENSSLDIR: "/etc/pki/tls"
As above, I have nothing in my php.ini file for ssl.
I was under the impression (though maybe falsely) that the "curl_test.php" script mentioned earlier with an https://www.dokuwiki.org URL would indicate that ssl was working with PHP, but unsure HOW it works.... curl?
4a) When I look at the cert that came with the OS, it looks like it expired....
# openssl x509 -in ca-bundle.crt -text -noout
Validity
Not Before: Aug 17 22:00:00 2005 GMT
Not After : Aug 17 22:00:00
2015 GMT
So I downloaded the new ca-bundle.crt from
http://curl.haxx.se/docs/caextract.html and checked again....
# openssl x509 -in ca-bundle.crt -text -noout
Validity
Not Before: Aug 22 16:41:51 1998 GMT
Not After : Aug 22 16:41:51
2018 GMT
Bingo.... or so I thought. I bounced apache and tried again with the new cert in place, and still no change.
I renamed ca-bundle.crt, and I could not even use CURL, so I moved it back. I am currently running with the "valid" ca-bundle.crt, but it does not appear to help.
I thought about a PHP upgrade outside the Redhat provided packages. However the extension plug-in has not been updated in over 15 months, so I am not convinced a PHP upgrade alone will get the Extension Manager to work.