Advice and answers from the BitPay Team

If you are receiving an SSL validation error when using one of our plugins, the root CA certificate bundle is most likely out of date. The error message might look like:

cURL error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (60)

Luckily, this is an easy problem to fix if you have root permissions on your webserver. If not, you'll need to ask your webserver administrator or web hosting provider for assistance.

Step 1 - download:

You can update the root CA cert bundle on your webserver (if you have permissions) with this file from the official cURL team: https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt

An alternative site with multiple formats is: http://www.cacert.org/index.php?id=3

Step 2 - install:

For servers running Ubuntu, Debian Linux

Copy your CA bundle file you downloaded to the /usr/local/share/ca-certificates/ directory:

$ sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt

Then update the CA store on the server:

$ sudo update-ca-certificates
$ sudo update-ca-certificates --fresh

TIP: If you're interested in learning more about this system administration tool, please see: http://gnu.wiki/man8/update-ca-certificates.8.php

For servers running CentOS 6 Linux

Install the ca-certificates package:

$ sudo yum install ca-certificates

Next, enable the dynamic CA configuration feature:

$ sudo update-ca-trust enable

Then copy this file to the /etc/pki/ca-trust/source/anchors/ directory:

$ sudo cp foo.crt /etc/pki/ca-trust/source/anchors/

Finally, update the system with the command:

$ sudo update-ca-trust extract

For servers running CentOS 5 Linux

Append your newly downloaded trusted certificate to the /etc/pki/tls/certs/ca-bundle.crt file:

$ sudo cat foo.crt >> /etc/pki/tls/certs/ca-bundle.crt
Did this answer your question?