I am writing a PHP script to talk to my website’s Micropub endpoint. When I had first recycled the PHP script I use to write my Booklists, I ran into an error concerning the HTTPS encryption of traffic to my website:

SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

For my booklists I had initially pseudo solved it by approaching my server side script in HTTP, not HTTPS. That is not an option when talking to my WordPress site though.

Jan Boddez helpfully gave a few pointers towards potential solutions. I assumed that the issue was that the webserver stack (MAMP PRO) had no access to the certificates it needed to talk to my website.

I downloaded the Mozilla CA bundle as .pem file, and for good measure also the one for my own website, as described here. I added the contents of the .pem file for my own site to the CA bundle at the end (.pem files are text files and you can paste all .pem files together)

At first I added a line in php.ini (be aware that MAMP has many PHP versions installed, which all have their own php.ini file, so make sure to edit the right one).

curl.cainfo = /path/cacert.pem
openssl.cafile= /path/cacert.pem

The fist one definitely wasn’t going to help, as I’m not using curl to send my webrequest, but added for good measure. The other one didn’t help either.

Then I came across a PHP function that could show me which certificates the script was trying to use:

var_dump(openssl_get_cert_locations());

That told me that MAMP is looking in the folder Applications/MAMP/Library/OpenSSL/certs/ in which the cacert.pem file was an outdated Mozilla CA bundle. I replaced it with the one I had downloaded and had added my own site’s file to.

That worked. My script is now able to talk to my website’s Micropub end point and create a post on my site. However the content of the post is missing, so now the next step is ensuring I am posting to my site in the right format. But the crucial first hurdle is taken: contact!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.