Every now and then you run into one of these simple problems that end up taking hours to troubleshoot. Today I had one of those, where I was trying to switch a client's Authorize.net payment gateway to live, bult on the PHP AIM SDK. No matter what I did, the live server would return "Error connecting to AuthorizeNet". It wasn't very helpful, but I did remember running into problems with cURL previously with a SSL certificate not having a valid intermediary certificate. I checked the validity of the SSL on the server via Qualys SSL Labs, but it was all verifying correctly.
I did check curl_error's output, and it was apparently returning "Peer's certificate issuer is not recognized". A relatively big a-ha moment—which lead me to the solution.
After a lot of trial and error googling this, I ran across a blog post on the Authorize.net developer blog announcing their switch over to SHA-2 based certificates back in March. So basically what was happening was that the PHP SDK I was using for Authorize.net's AIM API was a few years old, and shipped with a certificate file that of course was out of date, per the March certificate changes. Of course there's the usual recommendations to disable CURLOPT_SSL_VERIFYPEER, which is insane. The best solution was to simply get an up to date cURL cert from http://curl.haxx.se/ca/cacert.pem, and replace the existing one in the SDK, located in auth_net_directory/lib/ssl/cert.pem. Super fast and simple way to remedy the problem, if you know what to look for. Once I popped the up to date SHA-2 certificate over the old one, everything worked like a charm.
I'm sure you could apply this to other environments with some minor modifications.