четверг, 10 декабря 2015 г.

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

It seems everyone at least once faced issues with SSL certificates on Mac. That happens after certain period of time, or after another system update, and everything that uses OpenSSL stops to work.

My situation was next: I did system update on OSX El Capitan, plus updated webserver and PHP... and then composer and rest things which are using OpenSSL stopped to operate. On composer update and self-update I was kept getting error messages alike:

bash-3.2# composer self-update
Downloading https://getcomposer.org/version

The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed

Investigation showed, that there's no easy way to restore the previous state. So the decision was made to extract certificates from Apple’s Keychain via simple bash script:

cert_file="$( openssl version -d | awk -F'"' '{print $2}' )/cert.pem"
mkdir -p "${cert_file%/*}"
security find-certificate -a -p /Library/Keychains/System.keychain > "$cert_file"
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> "$cert_file"

I hope this article will help someone to do economy of time! Happy coding!


Попробуйте надёжный хостинг от Scala Hosting