WordPress Twitter Exception Message: SSL certificate problem

Twitter LogoMost plugins for WordPress require little if any technical knowledge to install and configure.  Sometimes you have to look under the hood and check the engine yourself to make a plugin work correctly.

Recently the Genesis Framework “Getting Latest Tweets” Plugin widget was updated and site owners started to report SSL Certificate problems.  The Getting Latest Tweets plugin securely connects your WordPress site to your Twitter Account and displays your latest Tweets on your web site.  To see how this works, visit the home page of www.jasonpalmer.com and look in the lower right hand corner to see my latest Tweets.  (You can learn more and download the WordPress “Getting Latest Tweets” plugin here.)

If after installing and configuring the “Getting Latest Tweets” plugin you see the message “No Tweets Found in the spot where it is supposed to display the latest Tweets on your WordPress site, read on to learn how to fix the problem.

The error message appears after installing the “Getting Latest Tweets” plugin and saving the Twitter Application API information.  These are the keys and application name information obtained from your Twitter Developer Dashboard.  (How to do this is all described with screen shots below the configuration panel of this plugin.)

You will usually one of the following two error messages or similar variation:

“Twitter Exception Message: SSL certificate problem”
or
“Twitter Exception Message: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed”

The reason for this error message is that some web servers do not have the latest Certificate Authority file installed.  Digital Certificates authenticate the owners of web sites.  To complete this process when making a request from our web server to another web server, we need to make sure that the issuer of the digital certificate that we receive from the web site we visit is authentic.  The Certificate Authority file contains this information about well-known companies that issue SSL Digital Certificates to secure web sites. (For a technical explanation, visit Wikipedia here.)

Plugin authors, if they want to make secure connections from your web server to another web server, such as in the case of “Getting Latest Tweets” from Twitter to post automatically on your web site, usually include the latest Certificate Authority file with the installation of their plugin.  “Getting Latest Tweets” did not do this.

The solution is fairly simple and will work for most LAMP (Linux/Apache/MySQL/PHP) and WAMP (Windows/Apache/MySQL/PHP) implementations.

We need to get a good, current copy of a Certificate Authority file from a trusted source, place it on our Web Server in the appropriate directory folder, then tell the programs that need access to this Certificate Authority file where to find it.

NOTE:  If you understand the problem as described above but have absolutely no idea what anything below means, ask the company that hosts your web site to assist you or correct the problem for you.

WARNING:  Make sure you have a valid backup copy of your PHP.INI file BEFORE you proceed!

First, get the latest cacert.pem file from:

http://www.curl.haxx.se/docs/caextract.html

Look to see if you have a \curl or \Tools\curl or similarly named directory on your Web Server.  You can also search for “curl” to help find an appropriate directory.

Warning:  Do not replace the .pem file that exists in any plugin directory.  Only replace the .pem file in a common server directory, like in the example below.

Next: Simply open up your PHP.INI file and add the following line:

curl.cainfo = “PATH_TO/cacert.pem”

Example:

I am running the WAMPDeveloper Stack on Windows from DevSide.net

I added the following line at the bottom of my PHP.INI file

curl.cainfo = “C:\WampDeveloper\Tools\curl\cacert.pem”

Then I placed the cacert.pem downloaded above in:

c:\wampdeveloper\tools\curl

Works perfectly for most stacks, BUT NOT ALL, and resolves the issue for many plugins looking for an updated Certificate Authority File that are returning errors similar to the one at the top of this article.

You may stop reading this article now unless you really, really want the ultra-technical details and are an IT Professional.

IT Professionals, please continue:

If you are looking to understand how to update cURL the library utility that many plugins use to connect and transfer data to and from other sites securely, additional references are below.

It is usually the responsibility of the developer of the application/plug-in to explicitly point to a current cacert.pem file – especially for WordPress users running on Windows AMP stacks such as Bitnami or WampDeveloper (Devside.net).

Backupbuddy, Vaultpress, and Google Analytics plug-in’s all distribute a cacert.pem file and I assume use the proper CURL Reference such as:

curl_setopt($ch, CURLOPT_CAINFO, ’C:/accessible/by/apache/cacert.pem);
and
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

The following sites are presented for reference and additional configuration details:

The Main Home Page for cURL:
http://curl.haxx.se/docs/manpage.html

A good Mozilla.org Certificate Authority CA Cert Bundle file is available here:
http://www.curl.haxx.se/docs/caextract.html

The page explains in depth how to make SSL Server to Server Connections:
http://curl.haxx.se/docs/sslcerts.html

How do I update root certificates in Apache/PHP/cURL environment?
http://kb.ucla.edu/articles/how-do-i-update-root-certificates-in-apachephpcurl-environment

How do I use cURL in PHP on Windows?
http://kb.ucla.edu/articles/how-do-i-use-curl-in-php-on-windows

Speak Your Mind

*