As suggested by one of the users:
You can also comment out line 80 of HttpClient.php. This line is telling curl to use that specific pem's CA to validate the host in the SSL request. This is not as insecure as someone stated because when you remove this setting CURL can default to it's own CA bundle, the system store, or other trusted stores depending on how it's built. It is still less secure, but it's not completely disregarding SSL validation.
I managed to look up the line that has to be commented by it comparing from the original Authorize.NET script here: