Cookie name	Description	Lifetime	Provider
_ce.clock_data	Store the difference in time from the server's time and the current browser.	1 day	Crazy Egg
_ce.clock_event	Prevent repeated requests to the Clock API.	1 day	Crazy Egg
_ce.irv	Store isReturning value during the session	Session	Crazy Egg
_ce.s	Track a recording visitor session unique ID, tracking host and start time	1 year	Crazy Egg
_hjSessionUser_2909345	Store a unique user identifier to track user sessions and interactions for analytics purposes.	1 year	HotJar
_hjSession_2909345	Store session data to identify and analyze individual user sessions.	1 day	HotJar
apt.uid	Store a unique user identifier for tracking and personalization.	1 year	Mageplaza
cebs	Store user preferences and settings.	Session	Mageplaza
cf_clearance	Store a token that indicates a user has passed a Cloudflare security challenge.	1 year	Cloudflare
crisp-client	The crisp-client/session cookie is used to identify and maintain a user session within the Crisp platform. It allows the live chat system to recognize returning users, maintain chat history, and ensure continuity in customer service interactions.	Session	Crisp
_ga	Store a unique client identifier (Client ID) for tracking user interactions on the	2 years	Google
_ga_7B0PZZW26Z	Store session state information for Google Analytics 4.	2 years	Google
_ga_JTRV42NV3L	Store session state information for Google Analytics 4.	2 years	Google
_ga_R3HWQ50MM4	Store a unique client identifier (Client ID) for tracking user interactions on the website.	2 years	Google
_gid	Store a unique client identifier (Client ID) for tracking user interactions on the website.	1 day	Google
_gat_UA-76130628-1	Throttle the request rate to Google Analytics servers.	1 day	Google

Cookie name	Description	Lifetime	Provider
_gcl_au	The cookie is used by Google to track and store conversions.	1 day	Google
__Secure-3PAPISID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
HSID	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.	2 years	Google
__Secure-1PSID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
SID	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.	2 years	Google
APISID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
__Secure-1PAPISID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
__Secure-3PSID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
SSID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
SAPISID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
__Secure-3PSIDTS	This cookie collects information about visitor's interactions with Google services and ads. It is used to measure advertising effectiveness and deliver personalised content based on interests. The cookie contains a unique identifier.	2 years	Google
__Secure-1PSIDTS	This cookie collects information about visitor's interactions with Google services and ads. It is used to measure advertising effectiveness and deliver personalised content based on interests. The cookie contains a unique identifier.	2 years	Google
SIDCC	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data, and protect visitor data from unauthorized access.	3 months	Google
__Secure-1PSIDCC	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	1 year	Google
__Secure-3PSIDCC	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	1 year	Google
1P_JAR	This cookie is a Google Analytics Cookie created by Google DoubleClick and used to show personalized advertisements (ads) based on previous visits to the website.	1 month	Google
NID	Show Google ads in Google services for signed-out users.	6 months	Google

Cookie name	Description	Lifetime	Provider
_dc_gtm	Manage and deploy marketing tags through Google Tag Manager.	1 year	Google
1P_JAR	Gather website statistics and track conversion rates for Google AdWords campaigns.	1 month	Google
AEC		1 month	Google
ar_debug	Debugging purposes related to augmented reality (AR) functionalities.	1 month	Doubleclick
IDE	The IDE cookie is used by Google DoubleClick to register and report the user's actions after viewing or clicking on one of the advertiser's ads with the purpose of measuring the effectiveness of an ad and to present targeted ads to the user.	1 year	Doubleclick
ad_storage	Enables storage, such as cookies (web) or device identifiers (apps), related to advertising.	1 year	Google
ad_user_data	Sets consent for sending user data to Google for online advertising purposes.	1 year	Google
ad_personalization	Sets consent for personalized advertising.	1 year	Google
analytics_storage	Enables storage, such as cookies (web) or device identifiers (apps), related to analytics, for example, visit duration.	1 year	Google

[Solved] SSL Certificate Problem: Unable To Get Local Issuer Certificate

Vinh Jacker | 10-04-2019

After installing an SSL certificate successfully, a padlock sign and HTTPS will appear in the browser. The website connection with an https:// URL helps the web server establish a secure connection with the web browser. While making a cURL request to a safe HTTPS destination, you may have received the SSL certificate problem: unable to get local issuer certificate message. Although this error is not common, it still occurs sometimes.

This post will explain what the SSL Certificate is, then show you the primary causes of this error, and how to correct the “SSL certificate problem: unable to get local issuer certificate” error.

Initially, let’s explore what an SSL certificate is and why it is a must-have certificate of your website.

About An SSL Certificate

SSL Certificate

An SSL (Secure Socket Layer) certificate encrypts the communications between clients and servers and secures it from the person trying to intercept it. SSL encrypts your data into unreadable forms, so it is difficult or impossible for any third party to steal data during transmission. A secure session occurs behind the scenes without interrupting the users’ browsing experience. SSL certificates are very advantageous when it comes to protecting sensitive information, such as banking details, login credentials, personal details, and other vital data.

For an e-commerce store, an SSL certificate is essential in facilitating secure online transactions. If your website is not encrypted, it is at risk of data theft. Attackers can read passwords, login info, and other sensitive information uploaded by users. SSL certificate helps your online store accept payment securely, protect password logins, protect web forms, and improve SEO performance.

Roots Of SSL Certificate Problem: Unable To Get Local Issuer Certificate

When you are using client SSL certificates and try to make a request to a secured HTTPS source, you need to share an SSL certificate to verify your identity. During this time, if the root certificate on the system does not work correctly, the “SSL certificate problem: unable to get Local Issuer Certificate” error can occur.

To fix this error, many effective solutions are available, from which you are likely to select one.

Solutions For SSL Certificate Problem: Unable To Get Local Issuer Certificate

The “Unable to Get Local Issuer Certificate” error is a common SSL issue when using Git. This can happen due to misconfigured certificates, outdated settings, or environmental constraints. We will show you several solutions for .PEM Format, for .CRT Format and for Git Server.

For .PEM Format

1. Change Php.ini (Keep SSL)

Go to https://curl.haxx.se/ca/cacert.pem and download cacert.pem.
Then, copy cacert.pem into your version of openssl/zend. For example, /usr/local/openssl-0.9.8/certs/cacert.pem.
Open your php.ini file and modify the CURL configuration by adding cainfo = ‘/usr/local/openssl-0.9.8/certs/cacert.pem.
Restart your PHP and identify whether the CURL can read HTTPS URL or not.

2. Don’t Change Php.Ini (Keep SSL)

Enter the below code while maintaining SSL.

$ch = curl_init();
$certificate_location = ‘/usr/local/openssl-0.9.8/certs/cacert.pem’;
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $certificate_location);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $certificate_location);

3. Disable SSL (Not recommended)

Enter the below code

$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

One of the three above solutions is bound to work, and you will no longer receive the “SSL certificate problem: unable to get Local Issuer Certificate” message.

For .CRT Format

1. Acquire The SSL bundle - ca-bundle.crt

To get the SSL bundle, please go to the URL below, copy and save the content on your server. You can save it to any destination, but it is recommended to keep it near the server’s top level.

https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt

I have this error today, for instance, I am using a locally hosted XAMP installation, so I select this path:

C:/xampp/htdocs/_certs/ca-bundle.crt

2. Change Php.ini

To identify where the php.ini file is located, you have to edit this file. For instance, in XAMPP, you can get to the php.ini file from the Config button in the control panel of XAMPP. Other servers can have php.ini files in some other locations, but mostly these files can be located in the /etc directory somewhere.

After finding the php.ini file successfully, add or update below lines into that file:

[CA Certs]
curl.cainfo="C:/xampp/htdocs/_certs/ca-bundle.crt"
openssl.cafile="C:/xampp/htdocs/_certs/ca-bundle.crt"

Note: You need to update the path to match where your php.ini is saved.

3. Restart PHP

Once you finish all the steps mentioned above, restart the PHP. Different servers may trigger PHP restart differently. If you are using the XAMPP server, you need to turn off Apache and then turn on via the XAMPP control panel. In Linux servers, you can try the below command:

service php5-fpm restart`

And that‘s it! After restarting PHP, you can now re-try your cURL request and be happy to see an actual request sent. Hopefully, with no other issues, you will see a valid response.

For Git Server

1. Edit the php.ini file

The php.ini file plays a crucial role in PHP and cURL operations. You can edit it to resolve the “Unable to Get Local Issuer Certificate” error by following these steps:

Access the cPanel: Log in to your cPanel and navigate to File Manager > PHP Software.
Locate and edit the php.ini File: Open the php.ini file in the root directory of your domain.
Download the latest CA certificate: Visit this website to download the cacert.pem file.
Copy the file to the correct directory: Move the cacert.pem file to the appropriate directory, such as /usr/local/openssl-0.9.8/certs/cacert.pem.
Update php.ini: Add the following line to your php.ini file: curl.cainfo = "/usr/local/openssl-0.9.8/certs/cacert.pem"
Restart PHP to apply the changes.
Test cURL: Verify if cURL can now access HTTPS URLs without errors.

2. Add SSL certificate to trusted certificate store

To resolve the error in Git Bash, you can manually add the SSL certificate to the trusted certificate store:

Copy the SSL certificate:** Obtain the SSL certificate from the server.
Navigate to the certificate Store: Open the directory typically located at: C:\Program Files\Git\mingw64\ssl\certs
Edit the ca-bundle.crt File: Open the ca-bundle.crt file with a text editor and paste the copied SSL certificate at the end of the file.
Save the file to ensure the certificate is trusted.

3. Reinstall git and celect SSL transport backend option

Reinstalling Git with proper configuration can resolve SSL-related issues. Follow these steps:

Uninstall Git: Use the Control Panel to uninstall Git.
Download Git: Visit https://git-scm.com/download/win and download the appropriate Git version for your system.
Install Git with SSL backend: During installation, select the “SSL Transport Backend” option. Then, complete the installation and test Git.

4. Configure repository access to SSL certificates in VS Code

If you encounter this error in Visual Studio Code (VS Code), reconfigure Git settings:

Set SSL backend to schannel: Run the following command: git config --global http.sslBackend schannel
Use admin rights for system-level configuration: Open the terminal as an administrator and execute: git config --system http.sslBackend schannel.
Reassign the certificate path: If the error persists due to location misconfiguration, set the certificate path: git config --global http.sslcainfo "<path-to-certificate>"

5. Temporarily deactivate SSL verification (Not recommended)

Disabling SSL verification is not secure and should only be used temporarily for testing. Here’s how:

Disable SSL Locally: git -c http.sslVerify=false clone
Disable SSL Globally: git config –global http.sslVerify false
Re-enable SSL Verification: After testing, re-enable SSL verification: git config –global http.sslVerify true

Related post:

How to install SSL Certificate for Magento 2?

Final Words

Hopefully, this guide will help you solve the SSL certificate problem: ‘Unable to get local issuer certificate quickly. If you are looking for a perfect security solution for your online store, Magento 2 Security extension by Mageplaza is the great choice for you. This module keeps your store from hackers and protects your valued information in different areas such as Brute Force, Blacklist IPs, login records, log backups, and more. In case you have any questions about this article, don’t hesitate to leave a comment below!

Vinh Jacker

Jacker is the Chief Technology Officer (CTO) at Mageplaza, bringing over 10 years of experience in Magento, Shopify, and other eCommerce platforms. With deep technical expertise, he has led numerous successful projects, optimizing and scaling online stores for global brands. Beyond his work in eCommerce development, he is passionate about running and swimming.

Share this post:

Change Store Email Addresses

3 mins read | 04-02-2016

Change Welcome Message

Customize the welcome message on your store's homepage to provide a personalized touch for your customers. Improve the user experience with our step-by-step guide.

3 mins read | 04-02-2016

Configure Magento 2 Contact Form & Email: Detailed Guides

Configure the email address for your Magento 2 store's contact form and ensure that your customers can easily get in touch with you with this informative guide

10 mins read | 04-02-2016

How to Install Magento 2 with Sample Data

How to install Magento 2 with Sample Data. In this topic we will discuss about How to Install Magento 2 Step by Step in Manage Store topic

11 mins read | 04-04-2016

6 Steps To Stop Brute Force Attacks

How To Stop Brute Force Attacks in Magento 1, 2. In this topic we will discuss about How To Stop Brute Force Attacks in Manage Store topic

7 mins read | 04-06-2016

How to set Locale, Language, and Country in Magento 2

Setup Locale State Country in Magento 2 provides setup your store information on Locale Options that determines the timezone, language, country and the days.

7 mins read | 04-08-2016

Change Store Email Addresses

3 mins read | 04-02-2016

Change Welcome Message

Customize the welcome message on your store's homepage to provide a personalized touch for your customers. Improve the user experience with our step-by-step guide.

3 mins read | 04-02-2016

Configure Magento 2 Contact Form & Email: Detailed Guides

Configure the email address for your Magento 2 store's contact form and ensure that your customers can easily get in touch with you with this informative guide

10 mins read | 04-02-2016

How to Install Magento 2 with Sample Data

How to install Magento 2 with Sample Data. In this topic we will discuss about How to Install Magento 2 Step by Step in Manage Store topic

11 mins read | 04-04-2016

6 Steps To Stop Brute Force Attacks

How To Stop Brute Force Attacks in Magento 1, 2. In this topic we will discuss about How To Stop Brute Force Attacks in Manage Store topic

7 mins read | 04-06-2016

How to set Locale, Language, and Country in Magento 2

Setup Locale State Country in Magento 2 provides setup your store information on Locale Options that determines the timezone, language, country and the days.

7 mins read | 04-08-2016

Website Support
& Maintenance Services

Make sure your store is not only in good shape but also thriving with a professional team yet at an affordable price.

Get Started