After running a few more test it seems that it may be a problem with SSL after all. If I run curl -k https://www.paypal.com
it works and I can establish a secure connection (just ignoring to to check the incoming cert).
This also works with my script when I add:
curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, FALSE);
The session is still secure but I would be open to a "man-in-the-middle" attack.
Does anyone know where the perl script is that is run to check the incoming cert because I think it's this that is causing the problem.
Is there a simple search I can do that can check within a file for the string "error setting cerficate verify locations"