2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005

Certificate issue with composer

February 08, 2018

Category: DevelopmentCommunity

Due to a change of the SSL certificate for all *.typo3.org domains, some composer clients are not able to connect to composer.typo3.org anymore due to a outdated CA bundle.

The issue:

When calling composer commands an error is thrown about certificate verification failure. e.g.   

$ composer update 
Loading composer repositories with package informationThe "https://composer.typo3.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Or when installing a TER extension:

$ composer install

- Installing typo3-ter/static-info-tables (6.5.1): Downloading (failed)
Downloading (failed)
Downloading (failed)

  [Composer\Downloader\TransportException]
  The "https://extensions.typo3.org/extension/download/static_info_tables/6.5.1/t3x/" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
  error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
  Failed to enable crypto
  failed to open stream: operation failed

To fix this issue, make sure your composer is using a current CA bundle which will include our CA ("DigiCert Global Root G2")

Mac OS X:

Look for the location of your cafile by:

php -r 'var_dump(openssl_get_cert_locations());'

Then set composer to use this (with the example in my case):

composer config --global cafile '<location of cafile>'

Example:

composer config --global cafile '/usr/local/etc/openssl/cert.pem'

Windows:

https://support.microsoft.com/en-us/help/931125/how-to-get-a-root-certificate-update-for-windows

Linux:

Debian:

apt-get install --only-upgrade ca-certificates

RedHat / CentOS:

yum update ca-certificates				

 We will update the solutions as soon as possible for the other OS.

Update 2018/02/13:
Due to a possible information leak in our CI setup, we re-issued our *.typo3.org once again (same IM/CA certificate)


Comments


Add comment

Please log in or sign up to comment.