OpenSSL Failing to Verify Server's Certificate

This section provides a tutorial example on how OpenSSL fails to verify HTTPS server's certificate using the 'cafile' SSL context option. The CA certificate can not be found.

The test on https://login.yahoo.com finished nicely in the previous tutorial. Now let's try to play with another HTTPS server, www.google.com:

C:\herong>\local\php\php OpenSSL_HTTPS_file_get_contents_with_CA.php
   https://www.google.com/accounts/ServiceLogin

PHP Warning:  file_get_contents(): SSL operation failed with code 1. 
OpenSSL Error messages:
error:14090086:SSL routines:func(144):reason(134) 
in OpenSSL_HTTPS_file_get_contents_with_CA.php on line 14

PHP Warning:  file_get_contents(): Failed to enable crypto 
in OpenSSL_HTTPS_file_get_contents_with_CA.php on line 14

PHP Warning:  file_get_contents(
  https://www.google.com/accounts/ServiceLogin): failed to open stream: 
operation failed 
in OpenSSL_HTTPS_file_get_contents_with_CA.php on line 14

I am not surprised to see these errors:

Last update: 2011.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with IE (Internet Explorer) 10

 Using HTTPS with Chrome 40

 Using HTTPS with Firefox 35

 Perl Scripts Communicating with HTTPS Servers

PHP Scripts Communicating with HTTPS Servers

 Configuring PHP OpenSSL on Windows

 Testing OpenSSL with file_get_contents()

 OpenSSL Configuration Errors

 SSL Context Options for OpenSSL

 Asking OpenSSL to Verify Server's Certificate

OpenSSL Failing to Verify Server's Certificate

 Multiple CA Certificates in a Single File

 Testing OpenSSL with fopen()

 Java Programs Communicating with HTTPS Servers

 Certificate Stores and Certificate Console

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Digital Signature - Microsoft Word 2007

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 PDF Printing Version