How to fix "Issuer Certificate Is Invalid" error trying to Send to Firebase Cloud Messaging from PHP Curl on CENTOS 7?
I’m not an SSL wizard, so I’m hoping that someone who is can help with this. I am developing an app demo that was able to send FCM messages successfully a while back. The mobile app calls a PHP script on the CentOS 7 server that uses the following code to send the request. This worked just fine.
$notification = array('title' =>$this->title , 'body' => $this->body, 'sound' => 'default', 'badge' => '1'); // $arrayToSend = array('to' => $token, 'notification' => $notification,'priority'=>'high'); $params_android = array('ttl'=>'0s','priority'=>'high'); $headers_apns = array('apns-expiration'=>'400','apns-priority'=>'10'); $params_apns = array('headers'=>$headers_apns); // if only one recipient, must use the 'to' field instead of registration_ids if (1 == sizeof($this->recipients)) { $arrayToSend = array('to' => $this->recipients[0], 'notification' => $notification, 'android'=>$params_and$ } else { $arrayToSend = array('registration_ids' => $this->recipients, 'notification' => $notification, 'android'=>$ } $json = json_encode($arrayToSend); $headers = array(); $headers[] = 'Content-Type: application/json'; $headers[] = 'Authorization: key='. self::$SERVER_KEY_COMMTEST; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, self::$FCM_URL); curl_setopt($ch, CURLOPT_CUSTOMREQUEST,"POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $json); curl_setopt($ch, CURLOPT_HTTPHEADER,$headers); curl_setopt($ch, CURLOPT_FAILONERROR,true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); //Send the request $response = curl_exec($ch); //Close request if ($response === FALSE) { $this->errorstring .= curl_error($ch) . "\n"; return false; } curl_close($ch); $this->fcm_response = $response;
The URL to which I send the request is provided by Google: https://fcm.googleapis.com/fcm/send
About six months ago, I paused work on this project. Now, I’m trying to resume it but the FCM calls return an error: "Issuer Certificate Is Invalid"
FCM support has been useless on this.
I can issue a manual CURL call from the command line to get a more detailed response. It is:
curl: (60) Issuer certificate is invalid. More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
I see a link to more details in the detailed response. It suggests I need to obtain certificates and go through an installation process. Where do I get said certificates?
Is this a certificate error on my server or theirs? And, how do I fix it?