The issue:
When calling composer commands an error is thrown about certificate verification failure. e.g.
$ composer update Loading composer repositories with package informationThe "https://composer.typo3.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Or when installing a TER extension:
$ composer install - Installing typo3-ter/static-info-tables (6.5.1): Downloading (failed) Downloading (failed) Downloading (failed) [Composer\Downloader\TransportException] The "https://extensions.typo3.org/extension/download/static_info_tables/6.5.1/t3x/" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Failed to enable crypto failed to open stream: operation failed
To fix this issue, make sure your composer is using a current CA bundle which will include our CA ("DigiCert Global Root G2")
Mac OS X:
Look for the location of your cafile by:
php -r 'var_dump(openssl_get_cert_locations());'
Then set composer to use this (with the example in my case):
composer config --global cafile '<location of cafile>'
Example:
composer config --global cafile '/usr/local/etc/openssl/cert.pem'
Windows:
https://support.microsoft.com/en-us/help/931125/how-to-get-a-root-certificate-update-for-windows
Linux:
Debian:
apt-get install --only-upgrade ca-certificates
RedHat / CentOS:
yum update ca-certificates
We will update the solutions as soon as possible for the other OS.
Update 2018/02/13:
Due to a possible information leak in our CI setup, we re-issued our *.typo3.org once again (same IM/CA certificate)