I am also receiving this with:

Ubuntu Server 14.0.4.1
PHP 5.5.9-1ubuntu4.4 (cli) (built: Sep 4 2014 06:56:34)
OpenSSL Library Version => OpenSSL 1.0.1f 6 Jan 2014

Straight from the official repos.
Installing composer should not require me changing my system SSL configuration as suggested in the previous bug.... so please resolve this.

Same issue on following System:

Server: ContOS 6.5

php -v

PHP 5.5.8 (cli) (built: Jan 14 2014 12:14:02)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies
    with Zend OPcache v7.0.3-dev, Copyright (c) 1999-2013, by Zend Technologies

openssl version:

OpenSSL 1.0.1e-fips 11 Feb 2013

Error message:

Download failed: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
file_get_contents(): Failed to enable crypto
file_get_contents(https://getcomposer.org/composer.phar): failed to open stream: operation failed

Same on FreeBSD 9.X and 10.X

php -v

$ php -v
PHP 5.6.2 (cli) (built: Oct 23 2014 12:59:40)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2014 Zend Technologies

openssl

$ openssl version
OpenSSL 1.0.1j-freebsd 15 Oct 2014

Error

$ sudo composer self-update

  [Composer\Downloader\TransportException]
  The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Failed to enable crypto
  failed to open stream: operation failed

Same problem on FreeBSD 10.0
#composer -V
Warning: This development build of composer is over 30 days old. It is recommended to update it by running "/usr/local/bin/composer self-update" to get the latest version.
Composer version cfed932 2014-04-16 15:23:42
#composer self-update
[Composer\Downloader\TransportException]
The "https://getcomposer.org/version" file could not be downloaded: SSL oper
ation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify f
ailed
Failed to enable crypto
failed to open stream: operation failed

Any ideas ... :(

I found only this:
#3045

I solved the issue on FreeBSD 10.
I saw that the command
#php -r "var_dump(openssl_get_cert_locations());"
Give me:
array(8) {
["default_cert_file"]=>
string(17) "/etc/ssl/cert.pem"
["default_cert_file_env"]=>
string(13) "SSL_CERT_FILE"
["default_cert_dir"]=>
string(14) "/etc/ssl/certs"
["default_cert_dir_env"]=>
string(12) "SSL_CERT_DIR"
["default_private_dir"]=>
string(16) "/etc/ssl/private"
["default_default_cert_area"]=>
string(8) "/etc/ssl"
["ini_cafile"]=>
string(0) ""
["ini_capath"]=>
string(0) ""
}

On my FreeBSD box the certificate file is in
/usr/local/share/certs
And the file is ca-root-nss.crt, which is a key bundle.
So, I remove ca_root_nss package:
#/usr/ports/security/ca_root_nss make deinstall
And install again with
#/usr/ports/security/ca_root_nss make config install clean
Confirm the option
ETCSYMLINK Add symlink to /etc/ssl/cert.pem
And then
Composer self-update is working. :)

Users should not have to change their system configuration in order to get
it to work. Users in a shared hosting environment will not have that
ability.

On Mon, Oct 27, 2014 at 11:19 AM, Ivaylo Asenov notifications@github.com
wrote:

I solved the issue on FreeBSD 10.
I saw that the command
#php -r "var_dump(openssl_get_cert_locations());"
Give me:
array(8) {
["default_cert_file"]=>
string(17) "/etc/ssl/cert.pem"
["default_cert_file_env"]=>
string(13) "SSL_CERT_FILE"
["default_cert_dir"]=>
string(14) "/etc/ssl/certs"
["default_cert_dir_env"]=>
string(12) "SSL_CERT_DIR"
["default_private_dir"]=>
string(16) "/etc/ssl/private"
["default_default_cert_area"]=>
string(8) "/etc/ssl"
["ini_cafile"]=>
string(0) ""
["ini_capath"]=>
string(0) ""
}

On my FreeBSD box the certificate file is in
/usr/local/share/certs
And the file is ca-root-nss.crt, which is a key bundle.
So, I remove ca_root_nss package:
#/usr/ports/security/ca_root_nss make deinstall
And install again with
#/usr/ports/security/ca_root_nss make config install clean
Confirm the option
ETCSYMLINK Add symlink to /etc/ssl/cert.pem
And then
Composer self-update is working. :)

—
Reply to this email directly or view it on GitHub
#3346 (comment).

That is my default setup (ca_root_nss with etcsymlink) and still not working.

]# php -r "var_dump(openssl_get_cert_locations());"
array(8) {
  ["default_cert_file"]=>
  string(27) "/usr/local/openssl/cert.pem"
  ["default_cert_file_env"]=>
  string(13) "SSL_CERT_FILE"
  ["default_cert_dir"]=>
  string(24) "/usr/local/openssl/certs"
  ["default_cert_dir_env"]=>
  string(12) "SSL_CERT_DIR"
  ["default_private_dir"]=>
  string(26) "/usr/local/openssl/private"
  ["default_default_cert_area"]=>
  string(18) "/usr/local/openssl"
  ["ini_cafile"]=>
  string(0) ""
  ["ini_capath"]=>
  string(0) ""
}

On FreeBSD with

WITH_OPENSSL_PORT=yes

in /etc/make.conf before installing (or before reinstalling/updating) ports that require openssl

then run

ln -s /usr/local/share/certs/ca-root-nss.crt /usr/local/openssl/cert.pem

and composer works again.

(y)
Am 27.10.2014 19:23 schrieb "Daniel Ennis" notifications@github.com:

Users should not have to change their system configuration in order to get
it to work. Users in a shared hosting environment will not have that
ability.

On Mon, Oct 27, 2014 at 11:19 AM, Ivaylo Asenov notifications@github.com

wrote:

I solved the issue on FreeBSD 10.
I saw that the command
#php -r "var_dump(openssl_get_cert_locations());"
Give me:
array(8) {
["default_cert_file"]=>
string(17) "/etc/ssl/cert.pem"
["default_cert_file_env"]=>
string(13) "SSL_CERT_FILE"
["default_cert_dir"]=>
string(14) "/etc/ssl/certs"
["default_cert_dir_env"]=>
string(12) "SSL_CERT_DIR"
["default_private_dir"]=>
string(16) "/etc/ssl/private"
["default_default_cert_area"]=>
string(8) "/etc/ssl"
["ini_cafile"]=>
string(0) ""
["ini_capath"]=>
string(0) ""
}

On my FreeBSD box the certificate file is in
/usr/local/share/certs
And the file is ca-root-nss.crt, which is a key bundle.
So, I remove ca_root_nss package:
#/usr/ports/security/ca_root_nss make deinstall
And install again with
#/usr/ports/security/ca_root_nss make config install clean
Confirm the option
ETCSYMLINK Add symlink to /etc/ssl/cert.pem
And then
Composer self-update is working. :)

—
Reply to this email directly or view it on GitHub
#3346 (comment).

—
Reply to this email directly or view it on GitHub
#3346 (comment).

For us, a reinstall of the ca-cert package fixed the problem!

I just have posted the similar issue on stackoverflow
http://stackoverflow.com/questions/27206719/composer-update-fails-while-updating-from-packagist

Finally I found the answer :)

First: Check certificate file location which will be in default_cert_file key, you will found it in openssl_get_cert_locations() its php openssl function:

$ php -r "print_r(openssl_get_cert_locations());"
Array
(
    [default_cert_file] => /opt/lampp/share/openssl/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => /opt/lampp/share/openssl/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => /opt/lampp/share/openssl/private
    [default_default_cert_area] => /opt/lampp/share/openssl
    [ini_cafile] => 
    [ini_capath] => 
)

Second: Download http://curl.haxx.se/ca/cacert.pem:

$ wget http://curl.haxx.se/ca/cacert.pem

Third: Copy certificate PEM file into default_cert_file location:

$ sudo mv cacert.pem /opt/lampp/share/openssl/cert.pem

My php-cli is under XAMPP and default_cert_file maybe point to some place that is different than this.
I hope anything after that should goes fine with you brothers.

@vzool your solution work , Thanks

@vzool, works for me, too. Thanks a lot!

In FreeBSD 10.x, the trend is to now sym-link the nss cafile to /usr/local/etc/ssl/cert.pem. Previously, it was /etc/ssl/cert.pem. I found that on older machines the /etc/ssl link was still in place; but newer installs only had /usr/local/etc/ssl. Adding the symlink in the old location fixes the problem; but probably a better solution is to add:

openssl.cafile = /usr/local/etc/ssl/cert.pem

to your favorite /usr/local/etc/php/*.ini config until the php56 port catches up.

@vzool this solution work with me in Ubuntu - Xampp . Thanks

I'm still having this problem and I'm pulling what's left of my hair out. I've copied cert.pm to the location specified by default_cert_file and I still get the error message. Does anyone else have any kind of update for this. It seems upgrading to PHP 5.6 is a big no no if you use composer.

Have been having this issue for a few weeks and could not pinpoint what was going on, installing new certificates and making sure NTLM usernames and passwords were all ok, it did not seem to stop the issue as composer diag reported everything were still not working. It turned out that I had to remove the protocol from my https_proxy.

Here is what solved my issue on Ubuntu with PHP 5.6.4 behind a corporate proxy.

My first issue was I needed to pass user credentials to the proxy, I solved this issue with cntlm. Basically you set your proxy to a local address and then cntlm passes the request onto the corporate proxy with credentials. I had a hard time getting this to work so if anyone needs help with this drop me a line.

So now I had internet access with our supplying my username and password each time I made a request :D

I was still having issues with SSL event after working through the suggestions listed in this thread, finlay I read somewhere that removing the protocol from your https proxy worked. Using this command:

export set https_proxy="127.0.0.1:3128"

This command made composer diag work for the terminal session but every time I opened a new session this command needed to be run again. That was all good, I can live with that.

All my problems seemed to be solved, I was so happy, well until I tried to install aegir. This used apt-get ran with the sudo command, and I was seeing the SSL error again. NOOOOOO /CRY

What was happening (I think) was that the default environmental variables were being used as sudo was opening a new session. It was time to fix this once and for all (well so far) I made a change to the default environment variables.

sudo nano /etc/environment 

I changed the https_proxy to https_proxy="127.0.0.1:3128"

I hope this helps someone.

Aaron

hi
open https://packagist.org in your browser.
Export all the certs.
copy them /usr/local/ca-certificares.
run update-ca-certifcates
check if new crt is added
if yes ur OK

Your solution gave result. Thanks @vzool

Closing as we now handle SSL quite a lot better.

@vzool， It work for me too. Thanks very much

I am using windows 7 - 32 bit.

I also updated php.ini file to this after downloading cacert.pem file and restart apache but still I am having issue. Can anyone please help me?

I am using PHP Version 5.5.30.

extension=php_openssl.dll
openssl.cafile = "C:\xampp\php\extras\openssl\cacert.pem"

In my case, making sure that the correct cert.pem file exists was not sufficient. You need to also set your time zone in your php.ini to your actual time zone using the date.timezone key (in my case, I set it to America/Los Angeles). Otherwise, PHP will default to using UTC and your system clock will appear to be off. This solved the issue for me on Mac OS X El Capitan (10.11.2).

@psalami I have updated date.timezone in php.ini but still getting same issue...

Same here. Updating the cert and putting it in default_cert_file didn't help. The date.timezone is set, too. I had to set openssl.cafile to the default_cert_file.

so i have one resolution.
if you use php5.6.x
maybe can help you.
http://stackoverflow.com/questions/26148701/file-get-contents-ssl-operation-failed-with-code-1-and-more

http://php.net/manual/en/migration56.openssl.php

only install this
yum install ca-certificates.noarch

however,it didn't work in version PHP 7.0.8-0ubuntu0.16.04.2, I really wonder if you have tried this with a php version of 7.0.* or whether you have an another solution , looking forward to reply , I really appreciate it. @vzool

yes is use php7 but in CENTOS 6 64bit

On Debian 8.6, using php 5.6, there is a missing file /usr/lib/ssl/cert.pem

In order to fix it download CA certs :
wget http://curl.haxx.se/ca/cacert.pem

Then copy to /usr/lib/ssl/cert.pem, and you can use fsockopen with SSL.

Maybe an issue with openssl packaging or a missing dependency, but I couldn't find /usr/lib/ss/cert.pem in Deb packages

Using Ubuntu 16.04 and php7, I could fix it by installing
apt-get install ca-certificates
And running
update-ca-certificates

Hi, all.

I've fixed this issue doing the follow:

1º: Download the certificate:

wget http://curl.haxx.se/ca/cacert.pem --no-check-certificate

2º: Export it:

export COMPOSER_CAFILE='/home/user/cacert.pem'

The path need to be the same where you've downloaded the certificate in firts step.

3º: Run composer:

composer install

It works for me! :D

I don't think I saw this mentioned, but a possible trigger of this error could be incorrect permissions for ssl directories.

For me it turned out I had the default certs directory as 700 instead of 755 (remember this is certs not private).

Doing
sudo chmod 755 certs
Fixed the problem for me

Exporting the COMPOSER_CAFILE variable worked like a charm for me. Until then, I'd been having a frustrating time having tried everything else in this thread.

@AleksSv Sweet fix, worked fine for me. Thx :)

FIXED USING A CWD IN POPEN(even if all is called :()

It worked exactly like that, replacing cert file BUT
I CANT HAVE THIS WORKING BECAUSE I USE IT IN POPEN(moving sames instruction lines from one php file to another, maybe i do it too much times, only one more) :((
so i retrieve errors about certificates like: failed RSET ...certificate verify failed...without being connected....

I had the same issue and tried everything, including messing around with the certificate files.

Turned out to be Kapersky Antivirus...

Thanks to @marcovtwout on his comment on another thread

Thanks @mdolnik-eelzee !!
I was trying to find solution for 3 hours... and when I found your post about Kaspersky... it saved my life!!

If you've tried many ways and haven't solved them, try the following:
Anywhere in the php.ini file
;cert.pem you can curl.haxx.se/ca/cacert.pem Download

openssl.cafile=/usr/lib/ssl/cert.pem**

One thing to check also is the date/time of your system: packagist uses letsencrypt certificates that are valid for 3 months and thus renewed every 3 months. If your system is out of sync by a few days, it could happen that the ssl certificate is not valid yet/not valid anymore. Just happened to me with a vagrant vm.

@mdolnik-eelzee OMAGAD really thanx, Im reinstalled xampp and composer and replaced certificates in configs at least 25 times, before Im found your comment...

only install this yum install ca-certificates.noarch

This worked for my vagrant box with centos linux dist.

only install this yum install ca-certificates.noarch

You are a life saver. Worked like a charm.

Wow! @vzool , really, really thanks! Your solution was great for me 😎

Finally I found the answer :)

First: Check certificate file location which will be in default_cert_file key, you will found it in openssl_get_cert_locations() its php openssl function:

$ php -r "print_r(openssl_get_cert_locations());"
Array
(
    [default_cert_file] => /opt/lampp/share/openssl/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => /opt/lampp/share/openssl/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => /opt/lampp/share/openssl/private
    [default_default_cert_area] => /opt/lampp/share/openssl
    [ini_cafile] => 
    [ini_capath] => 
)

Second: Download http://curl.haxx.se/ca/cacert.pem:

$ wget http://curl.haxx.se/ca/cacert.pem

Third: Copy certificate PEM file into default_cert_file location:

$ sudo mv cacert.pem /opt/lampp/share/openssl/cert.pem

My php-cli is under XAMPP and default_cert_file maybe point to some place that is different than this. I hope anything after that should goes fine with you brothers.

Worked on XAMPP for Mac too.

I had the same issue for Ubuntu 16.10 with PHP 7.0 and here is what worked for me:

1. Download the certificate:
   wget http://curl.haxx.se/ca/cacert.pem --no-check-certificate

2. Configure composer to use that file:
   composer config --global cafile '<location of cafile>'