PayPal Access: Issue with SSL Certificate Acquisition

When attempting to access PayPal's services via cURL and PHP, a notable error arises: "SSL certificate problem: unable to get local issuer certificate."

1. Requirement for SSL in PayPal Access

Contrary to PayPal's documentation, SSL certificates are indeed required for PayPal Access API usage. This is crucial for securing data transfer between the server and the client.

2. Troubleshooting the Error

a. Incorrect SSL Version: The CURLOPT_SSLVERSION option is set to 3, which may not be supported by the server. Try using a higher value, such as 6.

b. Missing Root Certificate: PHP may not have the necessary root certificate to validate the server's SSL certificate. Obtain a trusted root certificate (e.g., cacert.pem) and add it to PHP's configuration file (php.ini) using the "curl.cainfo" directive.

Correct Solution:

To resolve this issue, download the current list of root certificates, add the following line to your php.ini:

curl.cainfo=/cacert.pem

Restart your web server and the curl request should proceed without the SSL error. This ensures proper SSL validation and protects against man-in-the-middle attacks.