It sounds like you might be misinterpreting the error. It looks to me like the site you're connecting to is self-signed or some other common problem. Just like the usual browser warning, you're easiest work around is to disable the checks.

听起来您可能误解了该错误。在我看来，您要连接的站点是自签名站点或其他一些常见问题。就像通常的浏览器警告一样，最简单的解决方法是禁用检查。

You'll need to set CURLOPT_SSL_VERIFYPEERand CURLOPT_SSL_VERIFYHOSTto FALSE. This should disable the two main checks. They may not both be required, but this should at least get you going.

您需要将CURLOPT_SSL_VERIFYPEER和设置CURLOPT_SSL_VERIFYHOST为FALSE。这应该禁用两个主要检查。它们可能不是必需的，但这至少应该让你前进。

To be clear, this disables a feature designed to protect you. Only do this if you have verified the certificate and server by some other means.

需要明确的是，这会禁用旨在保护您的功能。仅当您通过其他方式验证了证书和服务器时才执行此操作。

More info on the PHP site: curl_setopt()

有关 PHP 站点的更多信息：curl_setopt()

If you want to use SSL peer verification (turning it off is not always good idea) you may use next solution on Windows globally for all applications:

如果您想使用 SSL 对等验证（关闭它并不总是一个好主意），您可以在 Windows 上为所有应用程序全局使用下一个解决方案：

1. Download file with root certificates from here: http://curl.haxx.se/docs/caextract.html
2. Add to php.ini:

1. 从这里下载带有根证书的文件：http: //curl.haxx.se/docs/caextract.html
2. 添加到 php.ini：

curl.cainfo=C:/path/to/cacert.pem

curl.cainfo=C:/path/to/cacert.pem

that's all magic, CURL can now verify certificates.

这很神奇，CURL 现在可以验证证书。

(as I know there is no such problem on Linux, at least on Ubuntu)

（据我所知，Linux 上没有这样的问题，至少在 Ubuntu 上）

Even after following advice on SO.. You may still have problems with an error like:

即使遵循了关于 SO 的建议.. 您可能仍然遇到以下错误的问题：

error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

the problem is with the SSL version. Use the following for version 3

问题出在 SSL 版本上。使用以下版本 3

curl_setopt($ch, CURLOPT_SSLVERSION,3)

I am assuming that u have enabled verification of peer and host as well and are pointing to an actual certificate file. Eg.

我假设您也启用了对等方和主机的验证，并指向实际的证书文件。例如。

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/cacert.pem");

This is a "problem" with openssl and VeriSign.

这是 openssl 和 VeriSign 的“问题”。

I had a similar problem and my openssl was missing the intermediate ssl certificate used by VeriSign to sign the server certificate.

我遇到了类似的问题，我的 openssl 缺少 VeriSign 用于签署服务器证书的中间 ssl 证书。

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657

I had to import these intermediate certificates from the VeriSign Homepage or Firefox cert-database-export into my local ca-certificates list and after this step I was able to use wget/curl to use the protected connection without any errors.

我必须将这些中间证书从 VeriSign 主页或 Firefox cert-database-export 导入到我的本地 ca-certificates 列表中，在此步骤之后，我能够使用 wget/curl 使用受保护的连接而不会出现任何错误。

If it's a developer machine - you can also add this certificate in you system. Something like this - https://www.globalsign.com/support/intermediate/intermediate_windows.phpIt's for WinXP, but it works also on other versions of windows.

如果它是开发人员机器 - 您也可以在您的系统中添加此证书。像这样的东西 - https://www.globalsign.com/support/intermediate/intermediate_windows.php它适用于 WinXP，但它也适用于其他版本的 Windows。

This is apparently on openssl bug. Tomcat can be configured to work around this in /etc/tomcat7/server.xml by restricting the available cipher list:

这显然是在 openssl 错误上。通过限制可用的密码列表，Tomcat 可以配置为在 /etc/tomcat7/server.xml 中解决这个问题：

<Connector protocol="HTTP/1.1" SSLEnabled="true" ... ciphers="SSL_RSA_WITH_RC4_128_SHA"/>

You're not SENDing the SSL cert. It appears there's a problem with the SSL cert as it is installed on the host you are contacting. Use option -k or --insecure, to get past the complaint.

您没有发送 SSL 证书。SSL 证书似乎存在问题，因为它安装在您正在联系的主机上。使用选项 -k 或 --insecure 来解决投诉。

Ah. See Ryan Graham's answer

啊。见瑞恩格雷厄姆的回答