I’m trying to get composer to work on a remote Windows-machine which is using a proxy, but I always get this error when doing a composer install/update:

[Composer\Downloader\TransportException] curl error 60 while
downloading https://flex.symfony.com/versions.json: SSL certificate
problem: unable to get local issuer certificate

This is my composer.bat:

@echo OFF
:: in case DelayedExpansion is on and a path contains ! 
setlocal DISABLEDELAYEDEXPANSION
set HTTP_PROXY=
php "%~dp0composer.phar" %*

Obviously setting the proxy is needed, if I delete the line, the error becomes this:

[Composer\Downloader\TransportException] curl error 28 while
downloading https://flex.symfony.com/versions.json: Operation timed
out after 10000 milliseconds with 0 out of 0 bytes received

composer diag gives me this (with the proxy set):

Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking HTTP proxy: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.0.9
PHP version: 7.4.7
PHP binary path: C:\Program Files\PHP\current\php.exe
OpenSSL version: OpenSSL 1.1.1g  21 Apr 2020
cURL version: 7.69.1 libz 1.2.11 ssl OpenSSL/1.1.1g
zip: extension present, unzip not available

I’ve been through a lot of posts and tutorials, but none of the answers work for me. (Some are just about curl and it’s options to switch off the cert-check but that doesn’t work for composer). Here’s what I have tried:

• Downloaded cacert.pem from http://curl.haxx.se/ca/cacert.pem or https://curl.se/docs/caextract.html (no copy&paste as some said editing the file would corrupt it – however that’s supposed to happen)
• saved the file locally
• activated openssl in php.ini
• edited php.ini and added the path of the cert-file for “curl.cainfo” as well as “openssl.cafile” (according to some posts that makes a difference, so I tried both), used the full path and quotes, like this: curl.cainfo="C:\Program Files\PHP\cacert.pem"
• moved the pem-file to different directories to make sure no Windows-permissions would make it inaccessible (I also set the file and it’s directory to be accessible by all users just to make sure)
• used php -r "print_r(openssl_get_cert_locations());" to find out the default certfile-location (it’s “C:\Program Files\Common Files\SSL”), also saved the cert-file there

All of this did not work, the error remains the same.
Then I found a post which set a repository in composer.json and explicitely set the certfile for that repo, so I also tried it and added this to my composer.json:

{
  "repositories": [{
    "type": "composer",
    "url": "https://flex.symfony.com",
    "options" : {
      "ssl" : {
        "cafile" : "cacert.pem"
      }
    }
  }]
}

The file “cacert.pem” is in the same directory as my composer.json, now the error is this:

[Composer\Downloader\TransportException] The
“https://flex.symfony.com/packages.json” file could not be downloaded
(HTTP/2 404 )

which is not that surprising, as trying to access “https://flex.symfony.com/packages.json” via a browser also gives me a 404. (Don’t know if it makes a difference that all at a sudden “packages.json” couldn’t be loaded while the cert-error complained about “versions.json”, have no idea which is loaded first and if this error is a “good” sign.)

This trial-and-error journey has been going on for days, I’m out of ideas, so any help is appreciated!