On this page
Known issue with cURL and outdated root certificates
This documentation needs review. See "Help improve this page" in the sidebar.
Symptoms
The reCAPTCHA module may not able to connect to Google servers. The submission of the captcha causes watchdog errors with cURL enabled.
Technical background:
Googles uses SSL certificates that are signed by a Root Certificate Authority (CA) that may not integrated in most if not all cURL installations. The Guzzle and cURL libraries are typically configured to verify the SSL certificates and refuse the connection if this verification fails. This may be reconfigured with CURL options, but this cannot recommended.
Drupal uses Guzzle Http Client internally, but under the hood it may use cURL or PHP internals. If you installed PHP cURL on your PHP server it typically uses cURL and you may see an exception with error Peer certificate cannot be authenticated with known CA certificates or error code CURLE_SSL_CACERT (60).
Solution:
- Download latest
cacert.pemfrom http://curl.haxx.se/docs/caextract.html. - On global PHP level add
curl.cainfo = [enter your path]\cacert.pemto yourphp.ini. - Restart Apache service.
Help improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
