SSL cert verification fails CURL error IIS 7.5


We have a client with a dedicated Windows 2008 R2 server running a classic ASP web application. He is wanting to put a Wordpress front-end to do some marketing. A few hours later, we have a great Wordpress front-end and everything is working perfectly...except...

Our payment gateway provider (Simplify Commerce) is throwing an error message when we are sending payment data over SSL:

SSL certificate problem: self signed certificate in certificate chain

So I did some googling and located instructions where you have to place a copy of the latest PEM file and point to it from php.ini.

Great! I grab the text and create the PEM. I point to the location in php.ini and the error changed...

error setting certificate verify locations: CAfile: C:\php\cacert.pem CApath: none

Now I'm in the weeds, as googling for this error message gets into CURL permissions and all indications are that IUSR has read/write access to the PEM file. So I'm stumped. Not a veteran with PHP or CURL. We were so close...

Any suggestions? Or can someone help explain what the failure is here? Did I not get it right that IUSR needs permissions?

I see a post like this one:

How would I perform that step in Windows Server?

Thank you

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
you're looking in the wrong place as IIS is in control of the sending/receiving of data
php runs at the application layer and iis runs at the transport layer
billium99Author Commented:
Yet I got the error message to change with a modification to php.ini?
billium99Author Commented:
Thanks for your time David - I don't mean to pooh pooh what you are saying. Just that this does appear to be PHP-related.

Let's say you're right. Any idea what element or setting of IIS would mimic the CURL certificate verification process and would need to be fixed in a way similar to the PHP setting?


Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

billium99Author Commented:
Any other suggestions out there?
billium99Author Commented:
Hi All - OK so I took a step back and tried to identify again what was happening. It turns out that Wordpress isn't using the IIS certificate and so you must have the CURL certificate available. This article explains the simplest way to create the root certs file:

Followed those instructions, pointed php.ini to the newly created file and bam - the payment gateway connection was resolved.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
billium99Author Commented:
Only expert response was incorrect and I got lucky trying something different.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.