SSL3_GET_SERVER_CERTIFICATE certificate verify failed on Windows 10 Pro with IIS

HerrimanCoder · Jan 6, 2018 · Viewed 8k times

When trying to send emails through smtp.google.com via PHPMailer on PHP hosted by IIS on Windows 10, I get this error message:

Connection failed. 
Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. 
OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The key part of that error I'm sure is certificate verify failed. I'm running OpenSSL and it's enabled and linked to my php. Here is some info output by my local PHP instance:

OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.1p 9 Jul 2015
OpenSSL Header Version => OpenSSL 1.0.1p 9 Jul 2015

Directive => Local Value => Master Value
openssl.cafile => no value => no value
openssl.capath => no value => no value

Here is my PHP code:

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'src/Exception.php';
require 'src/PHPMailer.php';
require 'src/SMTP.php';

$mail = new PHPMailer;
$mail->isSMTP(); 
$mail->SMTPDebug = 2; // 0 = off (for production use) - 1 = client messages - 2 = client and server messages
$mail->Host = "smtp.gmail.com"; // use $mail->Host = gethostbyname('smtp.gmail.com'); // if your network does not support SMTP over IPv6
$mail->Port = 587; // TLS only
$mail->SMTPSecure = 'tls'; // ssl is deprecated
$mail->SMTPAuth = true;
$mail->Username = $smtpUsername;
$mail->Password = $smtpPassword;
$mail->setFrom($emailFrom, $emailFromName);
$mail->addAddress($emailTo, $emailToName);
$mail->Subject = 'PHPMailer GMail SMTP test';
$mail->msgHTML("test body"); //$mail->msgHTML(file_get_contents('contents.html'), __DIR__); //Read an HTML message body from an external file, convert referenced images to embedded,
$mail->AltBody = 'HTML messaging not supported';
// $mail->addAttachment('images/phpmailer_mini.png'); //Attach an image file

if(!$mail->send()){
    echo "Mailer Error: " . $mail->ErrorInfo;
}else{
    echo "Message sent!";
}

I'm out of my depth regarding OpenSSL and cert issues. I have tried to understand the Updating CA certificates section of the PHPMailer troubleshooting guide, but I'm lost and confused. Can someone give me a set of steps I can follow and fix the cert problem on my local Windows 10 machine?

Answer

Synchro · Jan 6, 2018

To paraphrase the guide, download the CA bundle from curl and store it somewhere on your file system. Take the path you saved it to and add a line to your php.ini file saying:

openssl.cafile = $path

Where $path is where you saved the CA certs to. Then restart your web server to pick up the ini change.

If that worked, you should see that setting in the output from phpinfo(), and it should also give PHP what it needs to validate the certificate when PHPMailer uses it. Be aware that if the server is presenting a truly invalid or expired certificate, this won’t help, but given that this is a well-known problem and solution, I expect it to work.
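
A diagnostic script for the fix described in the answer above, added here as an example and not code from the original post or from PHPMailer: it reads the openssl.cafile setting, confirms the file is a readable PEM bundle, and counts expired or unparsable entries. The helper name check_ca_bundle is an assumption made for this example.

```php
<?php
// Added example: check_ca_bundle() is a hypothetical helper,
// not part of PHP or PHPMailer.

function check_ca_bundle(?string $path): array
{
    if ($path === null || $path === '') {
        return ['ok' => false, 'reason' => 'openssl.cafile is not set'];
    }
    if (!is_file($path) || !is_readable($path)) {
        return ['ok' => false, 'reason' => "cannot read $path"];
    }
    // Extract each PEM certificate block from the bundle.
    preg_match_all(
        '/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
        file_get_contents($path),
        $blocks
    );
    $total = count($blocks[0]);
    if ($total === 0) {
        return ['ok' => false, 'reason' => 'no PEM certificates found'];
    }
    $expired = 0;
    $unparsable = 0;
    foreach ($blocks[0] as $block) {
        $info = openssl_x509_parse($block);
        if ($info === false) {
            $unparsable++;
        } elseif ($info['validTo_time_t'] < time()) {
            $expired++; // expired roots are common in bundles and not fatal
        }
    }
    return [
        'ok' => $unparsable === 0,
        'reason' => $unparsable === 0 ? 'bundle parsed' : 'unparsable entries',
        'certificates' => $total,
        'expired' => $expired,
        'unparsable' => $unparsable,
    ];
}

// ini_get() returns false for an unknown directive and '' for "no value".
$cafile = ini_get('openssl.cafile');
$result = check_ca_bundle($cafile === false ? null : $cafile);

echo 'php.ini in use: ', php_ini_loaded_file() ?: '(none)', PHP_EOL;
echo 'openssl.cafile: ', $cafile ?: '(no value)', PHP_EOL;
foreach ($result as $key => $value) {
    echo $key, ': ', var_export($value, true), PHP_EOL;
}
```

Request the script through the web server rather than running it from the command line, since the two can load different php.ini files and the printed path shows which one was read.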