-
Notifications
You must be signed in to change notification settings - Fork 58
Dealing with SSL Errors
Postmark-PHP utilizes a PHP extension called libcurl. Depending on various system settings, the default installation of libcurl can have issues verifying SSL/TLS certificates.
This results in error messages like the following:
cURL error 60: SSL certificate problem: unable to get local issuer certificate in...Although it's not a problem specific to the Postmark library, we see it frequently enough that we wanted to share how to resolve it. This issue appears to happen more frequently on Windows, but the following instructions can be adapted to solve the issue on macOS and Linux.
Note that these instructions use windows directories, but the same process will work for linux installations by using linux-specific paths.
-
Download and save the CA bundle, to a location of your choice, perhaps
c:\curl_ca_bundle.crt -
In
c:\windows, if there is not already aphp.initext file, create one. -
Add or update the following lines to the php.ini:
[PHP] curl.cainfo=c:\curl_ca_bundle.crt
-
Run your PHP scripts as normal.
This process will ensure you have the appropriate certificate chain needed to allow libcurl to verify the SSL/TLS certificates presented by the Postmark API, as well as many other Web Services.
After you require the Postmark library into your project, set the following global setting:
PostmarkClientBase::$VERIFY_SSL = false
This will still allow you to connect to the Postmark API using a TLS connection (which is encrypted), but it's possible that a Man-in-the-middle attack could impersonate the Postmark API, and this would go undetected by your client code.
When going this route, make sure to include an additional use statement for PostmarkClientBase:
use Postmark\PostmarkClientBase;
After you require the Postmark library into your project, set the following global setting:
PostmarkClientBase::$BASE_URL = 'http://api.postmarkapp.com';
This is a last-resort option when you are using PHP in a system where SSL/TLS is not available. Your interactions with Postmark will be sent in plain-text and are at a much higher-risk of eavesdropping from 3rd parties. We do not recommend this solution, but some special circumstances may leave you with only this option.
The Postmark-PHP client can be installed from Packagist.
For additional information about the capabilities of the Postmark API, see Postmark Developers Documentation.