Error in certificate validation. Need help!

chandantul has asked for the wisdom of the Perl Monks concerning the following question:

I was using this IO::Socket::SSL; but I am getting certifcate validation error after providing all the details in Rest client

I am also observing that the following module is is not getting updated and IO::Socket::SSL its halting in my Straberry Perl for Windows.

# listen at 127.0.0.1:57715
# connect to 0: success reuse=0 version=TLSv1_3
t/session_ticket.t ................ 1/6 # connect to 0: success reuse=
+1 version=TLSv1_3
# connect to 1: success reuse=1 version=TLSv1_3
# connect to 1: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=0 version=TLSv1_3
# connect to 0: success reuse=1 version=TLSv1_3
t/session_ticket.t ................ ok
t/sessions.t ...................... ok
t/set_curves.t .................... ok
t/signal-readline.t ............... skipped: signals not relevant on t
+his platform
t/sni.t ........................... ok
t/sni_verify.t .................... 1/17
[download]

SSL upgrade failed: SSL connect attempt failed with unknown error error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed at /usr/local/share/perl5/LWP/Protocol/http.pm line 208.

Its Responsecode1 : 500  .
ts Responsecontent : Can't connect to sso.abc.com:443code>

<p>My Rest client config is below</p>

<code>sub run_api_call {
 #start with connecting to Okta and getting the users
  $client->setHost('https://sso.abc.com');
 $client->setCert("$cert");
  $client->setKey("$certkey");
  $client->setCa("$certca1");
  $client->setCa("$certca");
  $client->addHeader('Authorization',"SSWS $value");
  $client->addHeader('Accept','application/json');
  $client->addHeader('Content-type','application/json');
  $client->GET($_[0]);
}
[download]

Comment on Error in certificate validation. Need help! Select or Download Code

Replies are listed 'Best First'.
Re: Error in certificate validation. Need help! by hippo (Archbishop) on Mar 20, 2021 at 09:36 UTC
Check your version of Mozilla::CA is up to date. 🦛	[reply]
Re: Error in certificate validation. Need help! by Anonymous Monk on Mar 20, 2021 at 02:12 UTC
So, what do you need help with?	[reply]
Re^2: Error in certificate validation. Need help! by chandantul (Scribe) on Mar 20, 2021 at 03:15 UTC
I will need an alternate solution through perl script as i have observered the curl command is working fine and its giving me responses and i would like to use the same instead of Rest client that i have been using in current perl script. Please check below curl command that is working fine. `curl -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: SSWS $APIKEY"` Can i get simmiler kind of Client code snippet that i can utlize in my existing code that can be used for perl `sub run_api_call { #start with connecting to Onelogin and getting the profiles $client->getUseragent()->proxy(['https'], 'http://proxy.com:8080'); $client->addHeader('Authorization',"SSWS $value"); $client->addHeader('Accept','application/json'); $client->addHeader('Content-type','application/json'); $client->GET($_[0]); }` [download] I am getting certificate validation error , I will need to understand that its my client issue or its a certificate validation issue and How i can resolve the certificate validation issue? The certificates are correct. As i have informed you that i am using strawbery perl for windows? What could be the real cause of this as per the debugging i am getting below error with below client. `sub run_api_call { #start with connecting to Onelogin and getting the profiles $client->getUseragent()->proxy(['https'], 'http://proxy.com:8080'); $client->setHost('my.onlogin.com'); $client->setCert("$cert"); $client->setKey("$certkey"); $client->setCa("$certca1"); $client->setCa("$certca"); $client->setTimeout(10); $client->addHeader('Authorization',"SSWS $value"); $client->addHeader('Accept','application/json'); $client->addHeader('Content-type','application/json'); $client->GET($_[0]); }` [download] Current Error below `Its Responsecode1 : 500 . ts Responsecontent : SSL upgrade failed: SSL connect attempt failed er +ror:1416F086:SSL routines:tls_process_server_certificate:certificate +verify failed at C:/Strawberry/perl/vendor/lib/LWP/Protocol/http.pm l +ine 209.` [download]	[reply] [d/l] [select]
Re^3: Error in certificate validation. Need help! by Corion (Patriarch) on Mar 20, 2021 at 06:45 UTC
I'm a bit confused. You seem to be describing two problems. One problem is that your own code fails with SSL certificate errors. The other problem seems to be that you cannot upgrade some other module, because some module in the chain fails its test suite with SSL certificate errors. Which is it, and which module versions do you have? If it is your own code, please show the module versions and the relevant code. I see that you add a proxy to connect through in your code in `run_api_call`, but you don't add such a proxy to your `curl` command line. Maybe that is the problem? Maybe you need to update the (public) certificates using Mozilla::CA? If you are using private certificates, are you certain that the filenames are correct?	[reply] [d/l] [select]
Re^4: Error in certificate validation. Need help! by chandantul (Scribe) on Mar 22, 2021 at 11:37 UTC
Re^5: Error in certificate validation. Need help! by hippo (Archbishop) on Mar 22, 2021 at 12:00 UTC
Some notes below your chosen depth have not been shown here
Re^4: Error in certificate validation. Need help! by chandantul (Scribe) on Mar 20, 2021 at 17:08 UTC