I’m not an SSL wizard, so I’m hoping that someone who is can help with this. I am developing an app demo that was able to send FCM messages successfully a while back. The mobile app calls a PHP script on the CentOS 7 server that uses the following code to send the request. This worked just fine.

                        $notification = array('title' =>$this->title , 'body' => $this->body, 'sound' => 'default', 'badge' => '1'); //                      $arrayToSend = array('to' => $token, 'notification' => $notification,'priority'=>'high');                         $params_android = array('ttl'=>'0s','priority'=>'high');                         $headers_apns = array('apns-expiration'=>'400','apns-priority'=>'10');                         $params_apns = array('headers'=>$headers_apns);                         // if only one recipient, must use the 'to' field instead of registration_ids                         if (1 == sizeof($this->recipients)) {                                 $arrayToSend = array('to' => $this->recipients[0], 'notification' => $notification, 'android'=>$params_and$                         } else {                                 $arrayToSend = array('registration_ids' => $this->recipients, 'notification' => $notification, 'android'=>$                         }                         $json = json_encode($arrayToSend);                          $headers = array();                         $headers[] = 'Content-Type: application/json';                         $headers[] = 'Authorization: key='. self::$SERVER_KEY_COMMTEST;                         $ch = curl_init();                          curl_setopt($ch, CURLOPT_URL, self::$FCM_URL);                         curl_setopt($ch, CURLOPT_CUSTOMREQUEST,"POST");                         curl_setopt($ch, CURLOPT_POSTFIELDS, $json);                         curl_setopt($ch, CURLOPT_HTTPHEADER,$headers);                         curl_setopt($ch, CURLOPT_FAILONERROR,true);                         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);                         //Send the request                         $response = curl_exec($ch);                          //Close request                         if ($response === FALSE) {                                 $this->errorstring .= curl_error($ch) . "\n";                                 return false;                         }                         curl_close($ch);                          $this->fcm_response = $response; 

The URL to which I send the request is provided by Google: https://fcm.googleapis.com/fcm/send

About six months ago, I paused work on this project. Now, I’m trying to resume it but the FCM calls return an error: "Issuer Certificate Is Invalid"

FCM support has been useless on this.

I can issue a manual CURL call from the command line to get a more detailed response. It is:

curl: (60) Issuer certificate is invalid. More details here: http://curl.haxx.se/docs/sslcerts.html  curl performs SSL certificate verification by default, using a "bundle"  of Certificate Authority (CA) public keys (CA certs). If the default  bundle file isn't adequate, you can specify an alternate file  using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in  the bundle, the certificate verification probably failed due to a  problem with the certificate (it might be expired, or the name might  not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use  the -k (or --insecure) option. 

I see a link to more details in the detailed response. It suggests I need to obtain certificates and go through an installation process. Where do I get said certificates?

Is this a certificate error on my server or theirs? And, how do I fix it?