Troubleshooting

How to fix the verifying certificate error

Error [curl] 77: Error setting up the location verification certificate: CAfile appears when you send a request to the Xsolla server using Pay Station SDK.

We enable SSL-certificate verification and use the default CA bundle provided by your operating system. However, not all systems have a CA bundle on the disk. For example, Windows and OS X do not have a single common location for CA bundles.

There are several ways to resolve this problem:

  • You can disable the certificate verification when in the development environment by using this code:

Copy
Full screen
Small screen
<?php

use Xsolla\SDK\API\XsollaClient;

$client = XsollaClient::factory(array(
'merchant_id' => MERCHANT_ID,
'api_key' => API_KEY
));
$client->setDefaultOption('ssl.certificate_authority', false);
Note
You also need to test this issue in the production environment.
  • Provide a reliable certificate (recommended). Make sure the CA file exists and specify the path to it with the code below, where:
    • /path/to/file is a path to the CA file
    • ssl.certificate_authority is the CA file name
Copy
Full screen
Small screen
<?php

use Xsolla\SDK\API\XsollaClient;

$client = XsollaClient::factory(array(
'merchant_id' => MERCHANT_ID,
'api_key' => API_KEY
));
$сlient->setDefaultOption('ssl.certificate_authority', '/path/to/file');

In Windows the CA file can be located in the following folders:

  • C:\windows\system32\curl-ca-bundle.crt
  • C:\windows\curl-ca-bundle.crt

If there is no certificate in the specified places, you can use the certificate provided by Mozilla.

In some versions of PHP for Windows, configuring paths to certificates via code can be a problem. To resolve it, download the cacert.pem file and specify the path to it in the php.ini config file.

Copy
Full screen
Small screen
    curl.cainfo=c:/cacert.pem
    
    Was this article helpful?
    Thank you!
    Is there anything we can improve? Message
    We’re sorry to hear that
    Please explain why this article wasn’t helpful to you. Message
    Thank you for your feedback!
    We’ll review your message and use it to help us improve your experience.
    Hide

    How to fix the authentication error

    An error with the INVALID_SIGNATURE code and the Authorization header not found in Xsolla webhook request message appears if PHP-CGI for Apache doesn’t pass HTTP Basic user/pass to PHP by default. To resolve it, add the following string to the .htaccess or httpd.conf Apache config file:

    Copy
    Full screen
    Small screen
    <?php
    
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.+)$
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
    Was this article helpful?
    Thank you!
    Is there anything we can improve? Message
    We’re sorry to hear that
    Please explain why this article wasn’t helpful to you. Message
    Thank you for your feedback!
    We’ll review your message and use it to help us improve your experience.
    Hide

    How to fix the invalid IP address

    If you use Pay Station PHP SDK, Xsolla checks the IP addresses from which the webhooks were sent. The INVALID_CLIENT_IP error code is returned in one of the following cases:

    • the webhook server was tested from a localhost in a development environment
    • your app was working in a production environment behind a proxy server, e.g., a load balancer

    If you are in a development environment, turn off the IP address checking with this code:

    Copy
    Full screen
    Small screen
    <?php
    use Xsolla\SDK\Webhook\WebhookServer;
    $webhookServer = WebhookServer::create($callback, PROJECT_KEY);
    $webhookServer->start($webhookRequest = null, $authenticateClientIp = false);
    

    If you’re using a proxy server, choose one of the following solutions:

    • Add the reverse proxy IP address to the webhook server with the following code (recommended):

    Copy
    Full screen
    Small screen
    <?php
    
    use Xsolla\SDK\Webhook\WebhookServer;
    use Symfony\Component\HttpFoundation\Request;
    
    $request = Request::createFromGlobals();
    $request->setTrustedProxies(array('YOUR_PROXY_SERVER_IP_OR_CIDR'));
    
    $webhookServer = WebhookServer::create($callback, PROJECT_KEY);
    $webhookServer->start();
    

    • Add the proxy IP address to the allowlist.

    Read more information about working with a proxy server in the Simfony documentation.

    Was this article helpful?
    Thank you!
    Is there anything we can improve? Message
    We’re sorry to hear that
    Please explain why this article wasn’t helpful to you. Message
    Thank you for your feedback!
    We’ll review your message and use it to help us improve your experience.
    Hide
    Last updated: October 7, 2024

    Found a typo or other text error? Select the text and press Ctrl+Enter.

    Report a problem
    We always review our content. Your feedback helps us improve it.
    Provide an email so we can follow up
    Thank you for your feedback!