Problem
While attempting to establish a secure SMTP connection using SSL or STARTTLS, the application may fail with the following error:
This error indicates that the application or server is unable to verify the SSL certificate presented by the mail server during the SSL/TLS handshake.
Cause
This issue occurs when the Certificate Authority (CA) that issued the mail server’s SSL certificate is not present or not trusted in the system’s trusted certificate store.
As a result, OpenSSL cannot validate the certificate chain and rejects the secure connection.
This is a known OpenSSL behavior and is documented here:
https://stackoverflow.com/questions/75013468/phpmailer-could-not-connect-to-smtp-host-stream-socket-enable-crypto-openssl
Solution
Install the required CA certificate or CA bundle in the system’s trusted certificate store.
Solution – Windows Server
Press Win + R, type
mmc, and press EnterGo to File → Add/Remove Snap-in
Select Certificates and click Add
Choose Computer account → Local computer
Navigate to: Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates
Right-click and select All Tasks → Import
Import the provided CA certificate / CA bundle
Restart the application or related services
Solution – Linux Server (Ubuntu / Debian)
Copy the CA certificate or CA bundle to the server
Place the file in:
Update the trusted CA store:
Restart the application or related services
Solution – Linux Server (RHEL / CentOS)
Copy the CA certificate or CA bundle to:
Update the CA trust store:
Restart the application or related services
Notes
Ensure the system date and time are correctly configured
Restarting the application is required for the changes to take effect