SSL cert verification fails CURL error IIS 7.5


We have a client with a dedicated Windows 2008 R2 server running a classic ASP web application. He is wanting to put a Wordpress front-end to do some marketing. A few hours later, we have a great Wordpress front-end and everything is working perfectly...except...

Our payment gateway provider (Simplify Commerce) is throwing an error message when we are sending payment data over SSL:

SSL certificate problem: self signed certificate in certificate chain

So I did some googling and located instructions where you have to place a copy of the latest PEM file and point to it from php.ini.

Great! I grab the text and create the PEM. I point to the location in php.ini and the error changed...

error setting certificate verify locations: CAfile: C:\php\cacert.pem CApath: none

Now I'm in the weeds, as googling for this error message gets into CURL permissions and all indications are that IUSR has read/write access to the PEM file. So I'm stumped. Not a veteran with PHP or CURL. We were so close...

Any suggestions? Or can someone help explain what the failure is here? Did I not get it right that IUSR needs permissions?

I see a post like this one:

How would I perform that step in Windows Server?

Thank you

Bill HendersonWeb MarketingAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
you're looking in the wrong place as IIS is in control of the sending/receiving of data
php runs at the application layer and iis runs at the transport layer
Bill HendersonWeb MarketingAuthor Commented:
Yet I got the error message to change with a modification to php.ini?
Bill HendersonWeb MarketingAuthor Commented:
Thanks for your time David - I don't mean to pooh pooh what you are saying. Just that this does appear to be PHP-related.

Let's say you're right. Any idea what element or setting of IIS would mimic the CURL certificate verification process and would need to be fixed in a way similar to the PHP setting?


IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Bill HendersonWeb MarketingAuthor Commented:
Any other suggestions out there?
Bill HendersonWeb MarketingAuthor Commented:
Hi All - OK so I took a step back and tried to identify again what was happening. It turns out that Wordpress isn't using the IIS certificate and so you must have the CURL certificate available. This article explains the simplest way to create the root certs file:

Followed those instructions, pointed php.ini to the newly created file and bam - the payment gateway connection was resolved.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Bill HendersonWeb MarketingAuthor Commented:
Only expert response was incorrect and I got lucky trying something different.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.