Connections to api.github.com not working after windows 10 creator's update

Question

I've been doing some laravel development over the past few months with no issue. After the Windows 10 Creator's update I've been unable to get any OpenSSL related functionality to work. They all point to the same error code: 1.

First failed attempt was something simple like:

laravel new blog

produces the following output

Crafting application...
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Package operations: 59 installs, 0 updates, 0 removals
  - Installing doctrine/inflector (v1.1.0): Loading from cache
  - Installing erusev/parsedown (1.6.2): Downloading (failed)
Downloading (failed)
Downloading (failed)    Failed to download erusev/parsedown from dist: The "https://api.github.com/repos/erusev/parsedown/zipball/1bf24f7334fe16c88bf9d467863309ceaf285b01" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Now trying to download from source

... And continues on like that for most of the packages

Re-installing php didn't help

I tried reinstalling php to a newer version 7.1.5 instead of my current 7.1.3 (which worked before the Creator's Update).

Trying to update composer didn't fix it

I went to reinstall composer and get basically the same errors posted above, but just one single error:

The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed

I'm not sure if I changed some setting when I allowed the Windows 10 Creator's Update that broke all of this.

Any help would be greatly appreciated.

Answer 1

Downloading (failed)    Failed to download erusev/parsedown from dist: The

"https://api.github.com/repos/erusev/parsedown/zipball/1bf24f7334fe16c88bf9d467863309ceaf285b01" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

You need to provide more information, like the precise details of the connection and the trust store details.

Here are three things you should ensure:

• Use Server Name Indication (SNI)
• Use TLS 1.0 and above
• Install the DigiCert SHA2 High Assurance Server CA in your trust store.

---

$ openssl s_client -connect api.github.com:443 -servername api.github.com -tls1 | openssl x509 -text -noout
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify error:num=20:unable to get local issuer certificate
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:9d:dd:e7:cf:ac:61:9a:c3:86:6f:ae:35:45:8a:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
        Validity
            Not Before: Jan 18 00:00:00 2017 GMT
            Not After : Apr 17 12:00:00 2020 GMT
        Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a9:c0:8f:30:49:2d:bb:12:e8:0c:0c:5d:1d:08:
                    08:f7:91:70:78:7e:05:6b:af:8b:b2:55:36:aa:69:
                    94:04:5f:a9:bb:86:4e:52:fa:48:43:15:54:e7:0a:
                    9d:59:ac:59:6a:ec:46:d6:76:14:4e:b0:16:74:f6:
                    f5:9f:4b:a6:80:bb:06:13:b5:98:5c:99:d0:3c:97:
                    b0:20:ae:10:86:e6:b4:2e:ca:e2:ac:87:47:91:cc:
                    07:43:cd:cd:11:88:fe:96:cc:21:83:47:d4:41:44:
                    6d:d3:a5:2d:6b:96:a4:2e:8b:c3:74:93:cb:a9:3b:
                    93:4b:f9:ec:84:e6:bb:ea:14:74:a2:e5:a7:ae:ab:
                    9c:2c:bd:6c:cd:cb:d7:fe:86:c1:f8:db:1b:9a:be:
                    7c:32:b8:3c:a6:b4:1f:46:82:ba:89:bc:e5:67:2b:
                    15:f3:ca:8f:70:2a:5c:e7:b9:6a:e9:00:4a:43:61:
                    7d:5a:04:0c:b2:c4:22:81:77:d3:36:6f:25:00:04:
                    3e:2f:a8:02:66:78:1d:e0:a7:c7:60:f4:89:60:0d:
                    3b:a0:55:a6:b9:23:9a:96:08:74:d1:68:7c:3d:48:
                    ee:44:6a:dc:37:15:a9:9a:07:c0:2d:01:c7:15:88:
                    28:0d:c0:fe:6b:cf:86:a0:99:3e:19:d2:5d:de:89:
                    e0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:51:68:FF:90:AF:02:07:75:3C:CC:D9:65:64:62:A2:12:B8:59:72:3B

            X509v3 Subject Key Identifier:
                EA:61:52:B2:FE:0A:40:80:E5:20:8A:30:37:24:A0:EA:A6:6C:6A:AA
            X509v3 Subject Alternative Name:
                DNS:*.github.com, DNS:github.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/sha2-ha-server-g5.crl

                Full Name:
                  URI:http://crl4.digicert.com/sha2-ha-server-g5.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                    Timestamp : Jan 18 17:25:01.131 2017 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:1E:AC:0E:EF:D1:B5:53:47:56:E5:29:3E:
                                88:CC:41:5D:34:06:D2:F4:9D:BE:B0:C2:32:37:A0:DA:
                                77:C4:06:42:02:20:03:DE:1E:2A:28:E7:D7:67:11:3A:
                                1A:F3:34:3E:BE:B6:15:56:FC:F7:48:99:4C:D3:12:87:
                                42:18:58:1A:08:F5
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
                                46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
                    Timestamp : Jan 18 17:25:01.340 2017 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:24:A6:69:92:C0:28:82:C6:2D:7C:BD:B5:
                                B0:C2:45:CA:8A:C7:82:9A:5D:A3:85:20:2C:54:1C:B0:
                                DA:BE:1B:D3:02:21:00:8A:25:EF:B9:CA:F5:65:81:DC:
                                A0:9D:62:C7:EF:D4:03:25:B8:4B:2D:7E:49:F2:31:57:
                                FF:CF:56:E3:2E:98:57
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
                                A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
                    Timestamp : Jan 18 17:25:01.614 2017 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:72:AB:CC:0E:48:6F:33:44:18:CA:F6:36:
                                66:E6:70:99:DC:B9:44:D9:1E:C1:D1:26:A5:34:78:26:
                                5C:89:A9:F9:02:20:46:18:85:F9:69:D5:94:6E:3B:85:
                                5A:20:5B:D5:99:C4:91:8B:07:F3:5F:E8:CD:B6:06:9B:
                                9C:58:DF:A2:24:C7
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
                                38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
                    Timestamp : Jan 18 17:25:01.149 2017 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:92:4C:BD:09:5D:FD:CE:FD:02:D8:45:
                                12:3D:36:A9:57:5A:CD:FF:D2:9A:39:1B:FA:08:0D:FC:
                                38:EB:48:1D:BC:02:20:06:12:34:B0:C4:28:F8:AF:E3:
                                E7:52:0C:C5:B5:44:5B:2E:87:E4:DE:20:2F:10:22:E3:
                                F4:D6:4E:D9:26:5B:75
    Signature Algorithm: sha256WithRSAEncryption
         7c:83:2f:49:4a:bd:67:81:14:9e:22:3d:ef:a6:8e:91:74:d2:
         3f:06:bc:19:3f:8a:17:39:4b:a5:cc:8f:99:c5:3f:c7:c0:13:
         a6:d5:2c:01:19:d2:f7:a6:33:c7:b0:56:b5:c8:69:ad:7b:03:
         58:a7:45:2e:09:90:fd:84:d3:76:05:1f:cb:f4:32:cb:b6:da:
         26:f0:b2:2f:00:5f:e1:c2:69:b0:17:58:68:ac:5c:8a:07:b6:
         76:70:09:8e:05:48:be:5f:23:10:ee:24:fa:50:f9:05:68:2a:
         42:04:44:94:35:e3:d1:25:55:41:0d:70:77:43:19:4c:a5:a5:
         0d:56:f1:98:ab:17:ce:ee:48:d2:45:82:1b:af:e6:7c:17:09:
         73:ee:87:f8:00:56:73:56:08:2b:ea:4b:3f:58:c3:61:c0:bc:
         c2:3f:5f:46:44:c2:a5:95:bf:de:56:7f:36:df:ac:9c:cd:6e:
         8d:34:59:ed:14:c1:95:11:b6:b8:92:e9:21:7d:79:26:28:52:
         a6:b1:2b:de:ed:fd:44:75:29:1c:e3:83:2c:dc:d5:03:0e:b7:
         cd:f2:6a:08:9b:cf:b5:a0:ab:fb:f2:97:2a:ba:9f:8e:4f:59:
         f9:ee:cd:9a:0f:88:c4:e7:f8:33:f3:31:6e:8c:78:28:9b:cb:
         95:7f:29:c1