Sorry for spamming my blog with technical info, but this is a good find for the geeks out there like me.
We found a references on StackExchange to this test, which can be run on any Linux system that has curl installed (which is generally how you get the titular error):curl -v https://api.sandbox.paypal.com/v1/oauth2/token
* successfully set certificate verify locations:We have specified the CAINFO curl_opt in our PHP code, pointed it to a file, but when we tried to curl to Paypal's SSL server, it told us "error setting certificate verify locations: CAfile: /etc/apache2/...". We concluded that, at least on our system, we'd have to use whatever curl was using as the default.
* CAfile: /usr/share/curl/curl-ca-bundle.crt
CApath: none
/usr/share/curl/curl-ca-bundle.crt and that fixed the problem.
1.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CAINFO, '/etc/apache2/...
2.
Updating ca-bundle.crt in other places (we found two!)