Web Push not working on IIS due to missing OpenSSL config (OPENSSL_CONF)

I found the root cause and fixed the Web Push issue on IIS.

Problem / Symptoms

  • Subscriptions were created correctly in the Subscriptions table (Endpoint + p256dh + auth + content encoding).

  • Sending push from PHPMaker UI showed “sent”, but clients did not receive notifications.

  • In Browser DevTools > Network, the request to:
    POST /api/push/send
    returned HTTP 500 with this server-side error:
    RuntimeException: Unable to create the local key
    at vendor/minishlink/web-push/src/Encryption.php:256 (Encryption::createLocalKeyObject())

Root Cause (IIS + PHP on Windows)

  • PHP/OpenSSL was enabled, but OpenSSL was pointing to a default config path that did not exist:
    Openssl default config = C:\Program Files\Common Files\SSL\openssl.cnf (missing)

  • Because the openssl.cnf path was invalid, the Web Push library failed to generate the required local EC key for encryption, leading to the 500 error.

How I Confirmed

  • In phpinfo(), I checked:

    • OpenSSL support: enabled

    • OpenSSL Library Version: OpenSSL 3.0.18

    • Loaded Configuration File: D:\php8328\php.ini

    • Openssl default config: was pointing to a non-existent file.

  • Verified the missing file via PowerShell:
    Test-Path "C:\Program Files\Common Files\SSL\openssl.cnf" -> False

  • Found the correct OpenSSL config file shipped with PHP:
    D:\php8328\extras\ssl\openssl.cnf

Fix (IIS-specific)

  • Set the OpenSSL config path for the IIS PHP FastCGI process:

    • Add environment variable:
      OPENSSL_CONF = D:\php8328\extras\ssl\openssl.cnf

    • This can be set under IIS > Server > FastCGI Settings > (php-cgi.exe) > Environment Variables
      (then restart IIS), or as a System Environment Variable (then restart IIS).

  • After applying this, phpinfo() changed to:
    Openssl default config = D:\php8328\extras\ssl\openssl.cnf

  • Retested sending push from PHPMaker and it worked immediately:
    “Push notifications are sent (success = 1, failure = 4)” and the notification was delivered.

Conclusion

This was not a PHPMaker logic issue but an IIS/PHP OpenSSL configuration issue (missing/incorrect openssl.cnf). Ensuring OPENSSL_CONF points to a valid openssl.cnf file resolves the “Unable to create the local key” failure and allows Web Push encryption to work.

Best regards,
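
A check for the condition described in this post, as an added example that is not part of the original post and not code from PHPMaker or the web-push library: it reports what OPENSSL_CONF resolves to inside the IIS FastCGI process and tries to generate an EC P-256 key, first with the default config and then with an explicit one. The function names and the `$candidateConfig` parameter are hypothetical; the config path is the one given in the post.

```php
<?php
// Added diagnostic, not from the original post. Serve it through IIS so it runs in
// the same php-cgi.exe FastCGI environment as POST /api/push/send (CLI env may differ).
declare(strict_types=1);
/** Drain the OpenSSL error queue into a list of messages. */
function drainOpenSslErrors(): array
{
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

/** Try to generate an EC P-256 key; $configPath (optional) overrides the default openssl.cnf. */
function tryCreateP256Key(?string $configPath = null): array
{
    drainOpenSslErrors(); // discard stale entries left by earlier calls
    $options = ['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1'];
    if ($configPath !== null) {
        $options['config'] = $configPath;
    }
    $key = @openssl_pkey_new($options);
    $details = $key !== false ? openssl_pkey_get_details($key) : false;
    // The queue can hold warnings even on success, so 'ok' is decided by the key itself.
    return ['ok' => $details !== false && isset($details['ec']), 'errors' => drainOpenSslErrors()];
}

/** Build the report; $candidateConfig is a hypothetical parameter naming a config file to try. */
function diagnose(?string $candidateConfig = null): array
{
    if (!extension_loaded('openssl')) {
        return ['openssl_loaded' => false];
    }
    $envConf = getenv('OPENSSL_CONF');
    $report = [
        'openssl_version' => OPENSSL_VERSION_TEXT,
        'OPENSSL_CONF' => $envConf === false ? '(not set)' : $envConf,
        'OPENSSL_CONF_readable' => $envConf !== false && is_readable($envConf),
        'default_keygen' => tryCreateP256Key(),
    ];
    if ($candidateConfig !== null) {
        $report['candidate_readable'] = is_readable($candidateConfig);
        $report['candidate_keygen'] = tryCreateP256Key($candidateConfig);
    }
    return $report;
}
header('Content-Type: text/plain');
var_export(diagnose('D:\\php8328\\extras\\ssl\\openssl.cnf')); // path from the post; adjust
```

If `default_keygen` fails while `candidate_keygen` succeeds, the FastCGI process is not picking up a valid openssl.cnf. Delete the script once the check is done, since it exposes server paths and the OpenSSL version.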