First, you need to set the CURLOPT_SSL_VERIFYPEER option to true to verify the SSL certificate and CURLOPT_SSL_VERIFYHOST to 2 to check the existence of a common name in the SSL peer certificate.

<?php
$url = 'https://example.com';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$response = curl_exec($ch);
if($response === false) {
    echo 'cURL error: ' . curl_error($ch);
} else {
    echo 'Success!';
}
curl_close($ch);
?>

In this example, we set the CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to enable SSL certificate verification. If the verification fails, it will produce an error message through curl_error($ch). If the verification succeeds, it will output “Success!”.

For more advanced verification, you can also specify the path to a CA bundle using the CURLOPT_CAINFO option.

curl_setopt($ch, CURLOPT_CAINFO, '/path/to/ca-bundle.crt');

This will use the specified CA bundle to verify the SSL certificate.

Additionally, it’s always a good practice to handle SSL certificate errors and exceptions appropriately based on the specific requirements of your application.

You can find more information about cURL and SSL certificate verification in the PHP cURL documentation and the OpenSSL documentation.

I hope this helps! Let me know if you have further questions.

PHP cURL documentation
OpenSSL documentation