PHPFlickr and SSL/HTTPS – certificate issues on local Windows development server

We use PHPFlickr, which is a very handy PHP wrapper for the Flickr API, in CSlide. Recently, Flickr announced that they are making their API SSL only (on June 27th 2014), and PHPFlickr was updated accordingly. However, I could not get it to work on my local XAMPP development server, running on Windows 8. I initially assumed it was an issue with the changes to the PHPFlickr class (as it had previously worked fine), but, after much debugging, found that the problem was that CURL (which is used to make the requests to the API) could not verify Flickr’s SSL certificate. This is because CURLs default behaviour is to not trust any Certificate Authorities (CAs).

The solution is to give CURL a bundle of trusted CA certificates, which can be download from the CURL site. You can tell CURL about this bundle by setting the path to the CA bundle file in php.ini (and remembering to restart Apache afterwards). Adding this at the end of php.ini did the trick for me, but obviously change the path according to your own setup:


You can also point CURL at the CA bundle when setting up your curl connection, using curl_setopt to set CURLOPT_CAINFO to the full path to your CA bundle file. I didn’t want to do this with PHPFlickr, as it would involve changing the core PHPFlickr code, which would inevitably cause problems when that code gets updated:

curl_setopt($ch, CURLOPT_CAINFO, "c:\xampp\php\cacert.pem");

Note that one bad solution that was commonly suggested was to set CURLOPT_SSL_VERIFYPEER to false, which, as the name suggests, stop CURL from trying to verify the certificate. As rmckay says in the curl_setopt docs, this allows man in the middle attacks, so should be avoided!

Leave a Reply

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.