Hey All,
I am relatively "SSL Stupid" .. self admittedly. :)
I am trying to use a certificate that was assigned to me by a company
whom we are working with and I am having some problems and wondering if
I can get some assistance.
I generated a standard 1024 bit RSA private key and CSR and then was
issued a certificate by this company. Then when I received the
certificate I was told that I also need to use this companies root CA in
order to use it. So they also sent me the necessary root CA cert. This
is where I get lost.... :)
Now, I am trying to get my perl app to use these to make an HTTPS
request and am having problems. Now, I am -very- experienced with perl
and have done several HTTPS implementations in the past but never with a
non-public SSL certificate. I've always used SSL certs assigned by
Thawte, Verisign, etc..
Can anyone help me out here? Is there some special config I need to do
with OpenSSL to make this work?
The errors that I am getting from the perl LWP module when posting with
HTTPS in debug mode are:
--------
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown CA
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:error in SSLv2 read server hello B
500 (Internal Server Error) SSL negotiation failed: error:1407E086:SSL
routines:SSL2_SET_CERTIFICATE:certificate verify failed
Client-Date: Mon, 05 Dec 2005 22:01:38 GMT
500 SSL negotiation failed: error:1407E086:SSL
routines:SSL2_SET_CERTIFICATE:certificate verify failed at ../test.pl at
line 35
--------
Also, FYI, I know that this isn't a perl mailing list but perhaps this
will help as well. I am setting the CA_FILE and CA_DIR ENV variables in
perl for the Crypt:SSLeay module which if I am not mistaken should tell
it where to look for the root CA.
$ENV{HTTPS_CA_DIR} = '/home/web/lib/ssl/';
$ENV{HTTPS_CA_FILE} = 'my-root.cert';
Any Ideas? Any help at all would be very much appreciated!
Thanks so much,
Darren Nay
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
