Ca Bundle Laravel Package

composer/ca-bundle

Finds the best CA bundle on your system for TLS/SSL verification, with an embedded Mozilla CA bundle fallback. Provides simple helpers to get CA file/dir paths and validate CA files for use with cURL, PHP streams, and Guzzle.

Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.

Frequently asked questions about Ca Bundle
How do I replace hardcoded CA paths (e.g., /etc/ssl/certs/ca-certificates.crt) in Laravel HTTP requests with this package?
Use `CaBundle::getSystemCaRootBundlePath()` to dynamically fetch the correct CA path or fallback. For Guzzle, pass it directly to the `VERIFY` option. For cURL, set `CURLOPT_CAINFO` or `CURLOPT_CAPATH` based on whether the returned path is a file or directory. Laravel’s HTTP client (e.g., `Http::withOptions()`) supports this natively.
Will this work in Alpine Linux Docker containers where system CAs are missing?
Yes. The package includes a bundled Mozilla CA bundle as a fallback, ensuring HTTPS requests work even in minimal environments like Alpine. No additional configuration is needed—it auto-detects missing system CAs and switches to the bundled version.
Does this package support Laravel’s HTTP client (e.g., `Http::get()`) or only raw cURL/Guzzle?
It works seamlessly with Laravel’s HTTP client. Use `Http::withOptions(['verify' => CaBundle::getSystemCaRootBundlePath()])` to replace static CA paths. The package also integrates with Guzzle under the hood, so existing Guzzle-based services (e.g., queues, jobs) will benefit automatically.
How do I handle multi-process environments (e.g., Laravel Horizon) where CA paths might change dynamically?
Call `CaBundle::reset()` to clear static caches when needed, such as after deploying new CA certificates. This is useful in CI/CD pipelines or ephemeral containers where system paths may vary. Test this in staging to ensure thread safety.
Is there a performance impact from using `openssl_x509_parse()` for CA validation?
The validation is lightweight and only runs when explicitly called (e.g., `CaBundle::validateCaFile()`). For high-throughput APIs, avoid calling it on every request. The package prioritizes safety over performance, but the overhead is negligible for most use cases.
Can I use this in serverless environments like AWS Lambda or Cloud Functions?
Absolutely. Serverless environments often lack system CAs, so the bundled Mozilla fallback ensures HTTPS works out of the box. No additional setup is required—just use `CaBundle::getSystemCaRootBundlePath()` in your Lambda functions or HTTP clients.
What Laravel versions are officially supported, and are there PHP version requirements?
The package supports Laravel 10+ (PHP 8.1+) officially, with Laravel 9.x working but requiring PHP 8.0+. PHP 7.1+ is technically supported but deprecated. Always use the latest PHP version for security and compatibility with modern Laravel features.
How do I override the default CA path detection for custom environments (e.g., Windows or FreeBSD)?
Extend the `CaBundle` class or override `CaBundle::getSystemPaths()` to return your custom paths. This is useful for non-standard OSes or Docker images with non-default CA locations. Test thoroughly in your target environment.
Does this package conflict with other Laravel packages like Guzzle or Symfony HTTP Client?
No, it’s a stateless utility with no dependencies beyond PHP core. It integrates natively with Guzzle (via `VERIFY` option) and works with Symfony’s HTTP client. Laravel’s HTTP client (a Guzzle wrapper) also supports it without conflicts.
How often are the bundled CA certificates updated, and how do I stay informed?
Updates are automated via GitHub Actions and follow Mozilla’s CA program. Monitor the [release notes](https://github.com/composer/ca-bundle/releases) for breaking changes. For critical applications, consider pinning a specific version in `composer.json` and manually validating updates.
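
The cURL and PHP stream answers above depend on whether the returned path is a file or a directory. The following is an added example, not code from this page or from the composer/ca-bundle project; the helper name `caVerificationOptions` is hypothetical, and it assumes a Composer autoloader at `vendor/autoload.php` and the cURL extension.

```php
<?php
// Added example: not code from composer/ca-bundle or from this page.
require __DIR__ . '/vendor/autoload.php'; // assumes a Composer install

use Composer\CaBundle\CaBundle;

/**
 * Hypothetical helper: resolve the CA location once (e.g. at boot) and
 * express it as cURL and PHP stream options with verification enabled.
 */
function caVerificationOptions(): array
{
    $ca = CaBundle::getSystemCaRootBundlePath();
    $isDir = is_dir($ca);

    // Validate a bundle file once here rather than on every request.
    // Fail closed: never fall back to disabling peer verification.
    if (!$isDir && !CaBundle::validateCaFile($ca)) {
        throw new RuntimeException("CA bundle failed validation: {$ca}");
    }

    return [
        'path'   => $ca,
        'kind'   => $isDir ? 'directory' : 'file',
        'curl'   => [
            ($isDir ? CURLOPT_CAPATH : CURLOPT_CAINFO) => $ca,
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
        ],
        'stream' => ['ssl' => [
            ($isDir ? 'capath' : 'cafile') => $ca,
            'verify_peer'      => true,
            'verify_peer_name' => true,
        ]],
    ];
}

$opts = caVerificationOptions();

// Apply to a cURL handle and a stream context; no request is sent here.
$ch  = curl_init();
curl_setopt_array($ch, $opts['curl']);
$ctx = stream_context_create($opts['stream']);

printf("Using CA %s: %s\n", $opts['kind'], $opts['path']);
```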