Error [curl] 77: Error setting up the location verification certificate: CAfile appears when you send a request to the Xsolla server using Pay Station SDK.

We enable SSL-certificate verification and use the default CA bundle provided by your operating system. However, not all systems have a CA bundle on the disk. For example, Windows and OS X do not have a single common location for CA bundles.

There are several ways to resolve this problem:

• You can disable the certificate verification when in the development environment by using this code:

<?php

use Xsolla\SDK\API\XsollaClient;

$client = XsollaClient::factory(array(
'merchant_id' => MERCHANT_ID,
'api_key' => API_KEY
));
$client->setDefaultOption('ssl.certificate_authority', false);

• Provide a reliable certificate (recommended). Make sure the CA file exists and specify the path to it with the code below, where:
  • /path/to/file is a path to the CA file
  • ssl.certificate_authority is the CA file name

<?php

use Xsolla\SDK\API\XsollaClient;

$client = XsollaClient::factory(array(
'merchant_id' => MERCHANT_ID,
'api_key' => API_KEY
));
$сlient->setDefaultOption('ssl.certificate_authority', '/path/to/file');

In Windows the CA file can be located in the following folders:

• C:\windows\system32\curl-ca-bundle.crt
• C:\windows\curl-ca-bundle.crt

If there is no certificate in the specified places, you can use the certificate provided by Mozilla.

In some versions of PHP for Windows, configuring paths to certificates via code can be a problem. To resolve it, download the cacert.pem file and specify the path to it in the php.ini config file.

curl.cainfo=c:/cacert.pem

An error with the INVALID_SIGNATURE code and the Authorization header not found in Xsolla webhook request message appears if PHP-CGI for Apache doesn’t pass HTTP Basic user/pass to PHP by default. To resolve it, add the following string to the .htaccess or httpd.conf Apache config file:

<?php

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

If you use Pay Station PHP SDK, Xsolla checks the IP addresses from which the webhooks were sent. The INVALID_CLIENT_IP error code is returned in one of the following cases:

• the webhook server was tested from a localhost in a development environment
• your app was working in a production environment behind a proxy server, e.g., a load balancer

If you are in a development environment, turn off the IP address checking with this code:

<?php
use Xsolla\SDK\Webhook\WebhookServer;
$webhookServer = WebhookServer::create($callback, PROJECT_KEY);
$webhookServer->start($webhookRequest = null, $authenticateClientIp = false);

If you’re using a proxy server, choose one of the following solutions:

• Add the reverse proxy IP address to the webhook server with the following code (recommended):

<?php

use Xsolla\SDK\Webhook\WebhookServer;
use Symfony\Component\HttpFoundation\Request;

$request = Request::createFromGlobals();
$request->setTrustedProxies(array('YOUR_PROXY_SERVER_IP_OR_CIDR'));

$webhookServer = WebhookServer::create($callback, PROJECT_KEY);
$webhookServer->start();

• Add the proxy IP address to the allowlist.

Read more information about working with a proxy server in the Simfony documentation.