SSL3_GET_SERVER_CERTIFICATE certificate verify failed on Windows 10 Pro with IIS

php iis phpmailer php-openssl
HerrimanCoder picture HerrimanCoder · Jan 6, 2018 · Viewed 8k times · Source

When trying to send emails through smtp.google.com via PHPMailer on PHP hosted by IIS on Windows 10, I get this error message:

Connection failed. 
Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. 
OpenSSL Error messages
error:14090086
SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The key part of that error I'm sure is certificate verify failed. I'm running OpenSSL and it's enabled and linked to my php. Here is some info output by my local PHP instance:

OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.1p 9 Jul 2015
OpenSSL Header Version => OpenSSL 1.0.1p 9 Jul 2015

Directive => Local Value => Master Value
openssl.cafile => no value => no value
openssl.capath => no value => no value

Here is my PHP code:

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'src/Exception.php';
require 'src/PHPMailer.php';
require 'src/SMTP.php';

$mail = new PHPMailer;
$mail->isSMTP(); 
$mail->SMTPDebug = 2; // 0 = off (for production use) - 1 = client messages - 2 = client and server messages
$mail->Host = "smtp.gmail.com"; // use $mail->Host = gethostbyname('smtp.gmail.com'); // if your network does not support SMTP over IPv6
$mail->Port = 587; // TLS only
$mail->SMTPSecure = 'tls'; // ssl is depracated
$mail->SMTPAuth = true;
$mail->Username = $smtpUsername;
$mail->Password = $smtpPassword;
$mail->setFrom($emailFrom, $emailFromName);
$mail->addAddress($emailTo, $emailToName);
$mail->Subject = 'PHPMailer GMail SMTP test';
$mail->msgHTML("test body"); //$mail->msgHTML(file_get_contents('contents.html'), __DIR__); //Read an HTML message body from an external file, convert referenced images to embedded,
$mail->AltBody = 'HTML messaging not supported';
// $mail->addAttachment('images/phpmailer_mini.png'); //Attach an image file

if(!$mail->send()){
    echo "Mailer Error: " . $mail->ErrorInfo;
}else{
    echo "Message sent!";
}

I'm out of my depth regarding OpenSSL and cert issues. I have tried to understand the Updating CA certificates section of the PHPMailer troubleshooting guide, but I'm lost and confused. Can someone give me a set of steps I can follow and fix the cert problem on my local Windows 10 machine?

Answer

Synchro picture Synchro · Jan 6, 2018

To paraphrase the guide, download the CA bundle from curl and store it somewhere on your file system. Take the path you saved it to and add a line to your php.ini file saying:

openssl.cafile = $path

Where $path is where you saved the CA certs to. Then restart your web server to pick up the ini change.

If that worked, you should see that setting in the output from phpinfo(), and it should also give PHP what it needs to validate the certificate when PHPMailer uses it. Be aware that if the server is presenting a truly invalid or expired certificate, this won’t help, but given that this a well-known problem and solution, I expect it to work.

Related questions

How can I get the current page's full URL on a Windows/IIS server?

I moved a WordPress installation to a new folder on a Windows/IIS server. I'm setting up 301 redirects in PHP, but it doesn't seem to be working. My post URLs have the following format: http:://www.example.com/OLD_FOLDER/…

Read More
How to check if mod_rewrite is enabled in php?

I was wondering if it is possible to check if mod_rewrite is enabled on Apache AND IIS in PHP. ModRewrite for IIS exists. Check it here. So, I'm looking for a PHP script that checks for mod_rewrite on …

Read More
What causes an HTTP 405 "invalid method (HTTP verb)" error when POSTing a form to PHP on IIS?

I have one form in a PHP (5.2.9-1) application that causes IIS (Microsoft-IIS/6.0) to throw the following error when POSTed: The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access. …

Read More