OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

I am using PHP v7.2 on a Windows 10 computer, with Composer version 1.9.0.

composer create-project --prefer-dist laravel/laravel blog

I am trying to install Laravel and start a project using Composer, but I am getting the following error:

OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

When I run composer diagnose, I get the result below:

PS C:\xampp\htdocs\webstore_services> composer diagnose
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: Warning: Accessing 192.168.1xx.2xx over http which is an insecure protocol.
Checking https connectivity to packagist: [Composer\Downloader\TransportException] The "https://repo.packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Checking github.com rate limit: FAIL
[Composer\Downloader\TransportException] The "https://api.github.com/rate_limit" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
Checking composer version:
  [Composer\Downloader\TransportException]                                                                                        
  The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:  
  error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed                                            
  Failed to enable crypto                                                                                                         
  failed to open stream: operation failed                                                                                         
diagnose

I have tried almost every solution on the Internet

php -r "print_r(openssl_get_cert_locations());"

Result

[default_cert_file] => C:\usr\local\ssl/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] => C:\usr\local\ssl/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] => C:\usr\local\ssl/private
[default_default_cert_area] => C:\usr\local\ssl
[ini_cafile] => C:\xampp\php\cacert.pem
[ini_capath] => C:\xampp\php\cacert.pem

How can I change the location of default_cert_file in this? Only this is left.

Since I am behind a corporate proxy, I have set the proxy environment variables.

https_proxy : http://user:pass@host:port
http_proxy : http://user:pass@host:port

After everything I do, it doesn't help me though.

Try to reduce your problem to an openssl verify command using the server certificate and the cacert.pem certificate list. Something like "openssl verify -CAfile cacert.pem -untrusted server.pem server.pem". My guess, your server cert doesn't have intermediate certificates in it. openssl.org/docs/man1.1.1/man1/verify.html – Shane Powell Aug 5, 2019 at 20:53

I too am having this exact problem. composer 1.8.5, also behind corporate firewall. Not using laravel. Do you also get an error when running composer self-update? Something like: The "getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed Failed to enable crypto failed to open stream: operation failed – Protomancer Aug 12, 2019 at 16:32

I do not know if I will answer you, but I will try to enlighten you:

It is a secure connection failure: default_cert_file is defined when you generate the certificate.

error:1416F086:SSL is an error like the server rejected your certificate because it is revoked, nonexistent or incorrect. The same error can occur in a browser with Error code: SSL_ERROR_REVOKED_CERT_ALERT or SSL_ERROR_HANDSHAKE_FAILURE_ALERT when the security certificate is not or no longer valid.

When you generate a root certificate, this can depend on a configuration file in which several pieces of information are specified, notably the path:

[CA_default]
dir = ./certificats # Where everything is kept

openssl etc ...

I think what you're looking for is akin

SSL context options SSL context options — SSL context option listing

cafile string

Location of Certificate Authority file on local filesystem which should be used with the verify_peer context option to authenticate the identity of the remote peer.

capath string

If cafile is not specified or if the certificate is not found there, the directory pointed to by capath is searched for a suitable certificate. capath must be a correctly hashed certificate directory.

The most common cause of this error is an out-of-sync date/time. Check what your machine's local time is and use commands like ntp or chrony to sync your time.

If you are having this problem in a docker container, the container would be using your host time. However, putting the computer in hibernate mode would make the time lock up. The only solution is to restart the whole computer.

I found this while I was searching for a similar issue, so I might spare a few minutes to write something that others might benefit from.

Sometimes corporate proxies terminate secure sessions to check if you don't do any malicious stuff, then sign it again, but with their own CA certificate that is trusted by your OS, but might not be trusted by openssl. You can check that with openssl itself:

openssl s_client -connect fully.qualified.domain.name:port

The command above should provide you with the certificate that was presented. Just look for:

Certificate chain
 0 s:/long/DN/rewritten/from/the/original/certificate
   i:/proxy/issuer/certificate
 1 s:/proxy/issuer/certificate
   i:/corporate/root/CA
 2 s:/corporate/root/CA
   i:/corporate/root/CA

So basically you want to have the root CA certificate trusted.
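The `openssl verify` check suggested in the comments and the fix this answer arrives at, as an added example that is not part of the original posts: it builds a constructed root, proxy CA and leaf with the chain shape shown above, then verifies the leaf against a bundle without and with the corporate root. All subjects, file names and the stand-in `cacert.pem` are assumptions made for the example.

```shell
#!/bin/sh
# Added example; every name below is constructed. Requires the openssl CLI.

selfsign() {  # $1=dir $2=file stem $3=subject -> self-signed CA certificate
    openssl req -x509 -config "$1/o.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "$3" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue() {  # $1=dir $2=file stem $3=subject $4=issuer stem $5=extension section or ""
    openssl req -config "$1/o.cnf" -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -CAcreateserial -days 30 ${5:+-extfile "$1/o.cnf" -extensions "$5"} \
        -out "$1/$2.pem" 2>/dev/null
}

make_chain() {  # $1=dir: same shape as the s_client chain (leaf <- proxy <- root)
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        'x509_extensions=ca' '[dn]' 'CN=placeholder' '[ca]' \
        'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$1/o.cnf"
    selfsign "$1" root "/CN=Corporate Root CA"
    issue "$1" proxy "/CN=Proxy Issuing CA" root ca
    issue "$1" leaf "/CN=repo.example.test" proxy ""
    # Stand-in for the public cacert.pem: a root unrelated to the proxy chain.
    selfsign "$1" cacert "/CN=Public Root (stand-in)"
}

verify_leaf() {  # $1=dir $2=CA bundle; intermediates are passed via -untrusted
    openssl verify -CAfile "$2" -untrusted "$1/proxy.pem" "$1/leaf.pem" \
        >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && make_chain "$d" || return 1
    verify_leaf "$d" "$d/cacert.pem" && before=ok || before=fail
    # The fix: append only the corporate root; peer verification stays enabled.
    cat "$d/cacert.pem" "$d/root.pem" > "$d/cacert-fixed.pem"
    verify_leaf "$d" "$d/cacert-fixed.pem" && after=ok || after=fail
    rm -rf "$d"
    echo "before=$before after=$after"
}

demo
```

On the asker's machine the corresponding bundle is the file reported as `ini_cafile` (`C:\xampp\php\cacert.pem` in the output above), and the root to append is the last certificate in the chain the proxy presents.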
