I have a local site that I'm trying to test on the paypal sandbox with express payments. I'm getting the following error in my log
cURL error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

and when I click the Checkout with paypal button I get the following message: Redirect to PayPal Express Checkout failed. Please try again or contact an administrator to resolve the issue.

Any ideas what I'm doing wrong?

Sharon

Comments

rszrama’s picture

What web server are you testing with?

SharonD214@aol.com’s picture

Apache Web server Version 2.2.22
Thanks
Sharon

pcoucke’s picture

See https://drupal.org/project/commerce_paypal at the bottom:

If your PayPal API requests are failing due to SSL certificate verification, refer to the comments in the cURL request preparation of commerce_paypal_api_request() to read how to specify a local CA certificate bundle file.

From commerce_paypal_api_request():

Commerce PayPal requires SSL peer verification, which may prevent out of
date servers from successfully processing API requests. If you get an error
related to peer verification, you may need to download the CA certificate
bundle file from http://curl.haxx.se/docs/caextract.html, place it in a
safe location on your web server, and update your settings.php to set the
commerce_paypal_cacert variable to contain the absolute path of the file.
Alternately, you may be able to update your php.ini to point to the file
with the curl.cainfo setting.

I downloaded the file from http://curl.haxx.se/docs/caextract.html, added the line below to settings.php and it was resolved:

$conf['commerce_paypal_cacert'] = 'D:\wamp\apps\curl\cacert.pem';
mlecha’s picture

Same issue here, cURL error with PayPal API requests failing due to SSL certificate verification.

Downloading the download the CA certificate bundle file and setting the commerce_paypal_cacert variable worked for my local setup, which is XAMPP version 1.7.7.

How to do I test if this is required on my live site?

My live site is working fine on Commerce PayPal 1.0, is the 2.2 module likely to be broken in this way?

Anything I can look for in phpinfo() to see if this fix is needed on the live server?

Thank you!

rszrama’s picture

Issue summary: View changes
Status: Active » Closed (fixed)

Thanks for following up here. I'd just give it a shot and see what happens. If you're running in a reasonably modern hosting environment for your live site, it should resolve those SSL certificates just fine. If not, it's a quick process to make it work.

mstrelan’s picture

How about only enabling the verify peer option for live transactions?

<?php
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $payment_method['settings']['server'] == 'live');
?>