update page now
PHP 8.5.2 Released!

    Runtime Configuration

    The behaviour of these functions is affected by settings in php.ini.

    openssl Configure Options
    Name Default Changeable Changelog
    openssl.cafile "" INI_PERDIR  
    openssl.capath "" INI_PERDIR  
    openssl.libctx "custom" INI_PERDIR  
    For further details and definitions of the INI_* modes, see the Where a configuration setting may be set.

    Here's a short explanation of the configuration directives.

    openssl.cafile string

    Location of Certificate Authority file on local filesystem which should be used with the verify_peer context option to authenticate the identity of the remote peer.

    openssl.capath string

    If cafile is not specified or if the certificate is not found there, the directory pointed to by capath is searched for a suitable certificate. capath must be a correctly hashed certificate directory.

    openssl.libctx string
    Specifies the type of OpenSSL library context to use. The default value, custom, creates a separate library context for each worker or thread. This improves isolation from other libraries using OpenSSL and, in ZTS builds, increases separation between threads. It is also possible to use the default value, which causes PHP to use OpenSSL's global default library context.

    See also the SSL stream context options.

    Found A Problem?

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 2 notes

    up
    -1
    mmi at uhb-consulting dot de
    7 years ago
    in capath the Certificates must be placed with the certificates hash as name and .0 as Ending. 

Here is how to get the hashes from Certificates lying in this folder and automatically rename them in a correct way:
<?php
    $paths=openssl_get_cert_locations();
    $allowed=array("cer","crt","pem");
    if (!empty($paths['ini_capath'])){
        $capathDirectory = dir($paths['ini_capath']);
        while (false !== ($entry = $capathDirectory->read())) {
            $Sourcefile=$paths['ini_capath']."/".$entry;
            if (file_exists( $Sourcefile)){
                $path_parts = pathinfo($Sourcefile);
                if (in_array(strtolower($path_parts['extension']),$allowed)){
                    $ParsedCertificatePbject = openssl_x509_parse(file_get_contents($Sourcefile));
                    $Sourcefile= $ParsedCertificatePbject["hash"].".0";
                    $TargetFilename = dirname($Sourcefile)."/".$Sourcefile;
                    if (!file_exists($TargetFilename)) {
                        rename ($Sourcefile ,$TargetFilename);
                    }
                }
            }
        }
        $capathDirectory->close();
    }
?>
    up
    -1
    ofrick at bluewin dot ch
    7 years ago
    above code should be corrected to:

                    $Destfile= $ParsedCertificatePbject["hash"].".0";
                    $TargetFilename = dirname($Sourcefile)."/".$Destfile;
    add a note
    To Top