Windows PHP with cURL error 77: error setting certificate verify locations

Question

I'm using PHP 7.4 on a Windows server via commandline (think executing IDE PHPUnit tests - no HTTP server involved), and I am trying to access a remote server via CURL extension (wrapped inside Guzzle) via HTTPS.

CURL/Guzzle responds with errors like "cURL error 77: error setting certificate verify locations".

I need to add a private server CA certificate to my cert store for this to work, but it does not. I exported the Windows Cert store via https://neurotechnics.com/blog/ssl-ca-bundles-for-curl-and-php/ , which basically exports it, then transforms it via a shell command, but still no luck when adding either the path or the file into the "php.ini" file under "curl.cainfo".

How do I do this?

Answer 1

In the end I just downloaded the public PEM file from the CURL website: https://curl.haxx.se/ca/cacert.pem as a starting point.

I verified this was working ok enough (modulo being unable to work with the self-signed server certificate), and it was. This verified that "curl.cainfo" needs a path to that file.

I then moved my own file into that same location, and boom: Error 77.

I compared the two files via notepad++, and it complained immediately that the encoding of the files is different. WTF!

Turns out: The Windows shell command added a UTF-16 LE BOM to the start of my file, and PHP does not at all like it. The article did not mention this.

Converting the file to UTF-8 without BOM (changed nothing as the contents consists of ASCII only), and now it is working just fine.

BEWARE! THE ENCODING!