in reply to Re^2: Error in certificate validation. Need help!
in thread Error in certificate validation. Need help!

I'm a bit confused. You seem to be describing two problems. One problem is that your own code fails with SSL certificate errors. The other problem seems to be that you cannot upgrade some other module, because some module in the chain fails its test suite with SSL certificate errors.

Which is it, and which module versions do you have? If it is your own code, please show the module versions and the relevant code.

I see that you add a proxy to connect through in your code in run_api_call, but you don't add such a proxy to your curl command line. Maybe that is the problem?

Maybe you need to update the (public) certificates using Mozilla::CA? If you are using private certificates, are you certain that the filenames are correct?

Re^4: Error in certificate validation. Need help!
by chandantul (Scribe) on Mar 22, 2021 at 11:37 UTC

    I have fixed the issue with my Java script by updating my keystore, making the keystore load in my script, and making the SSL-enabled call in order to validate the API call. Do you have any fix, as per my last post, for my Perl script?

      See Common Usage Errors which says:

      If the verification does not succeed with the default settings, one can do the following:

      • Make sure the needed CAs are in the store, maybe use SSL_ca_file or SSL_ca_path to specify a different CA store.
      • If the validation fails because the certificate is self-signed and that's what you expect, you can use the SSL_fingerprint option to accept specific leaf certificates by their certificate or pubkey fingerprint.
      • If the validation failed because the hostname does not match and you cannot access the host with the name given in the certificate, you can use SSL_verifycn_name to specify the hostname you expect in the certificate.

      🦛
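
The first option in the list above (getting the needed CAs into the store via SSL_ca_file), as an added example that is not part of any post in this thread: because SSL_ca_file names a single file, it concatenates the Mozilla::CA bundle with additional CA files into one bundle and hands that to the LWP::UserAgent inside REST::Client, leaving verification on. The file names in the usage comment and the EXAMPLE_HTTPS_PROXY environment variable are assumptions.

```perl
#!/usr/bin/env perl
# Added example: one CA bundle (Mozilla roots + extra CAs) for REST::Client.
use strict;
use warnings;
use File::Temp qw(tempfile);
use Mozilla::CA;
use REST::Client;

# Concatenate the Mozilla::CA bundle with extra PEM files into one temp file.
# Every input file must contain at least one PEM certificate block.
sub build_ca_bundle {
    my @extra_pem_files = @_;
    my ($out, $bundle_path) = tempfile('ca-bundle-XXXXXX',
        SUFFIX => '.pem', TMPDIR => 1, UNLINK => 1);
    for my $file (Mozilla::CA::SSL_ca_file(), @extra_pem_files) {
        open my $in, '<', $file or die "Cannot read CA file $file: $!\n";
        my $pem = do { local $/; <$in> };
        close $in;
        die "$file contains no PEM certificate\n"
            unless $pem =~ /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s;
        print {$out} $pem, "\n";
    }
    close $out or die "Cannot write $bundle_path: $!\n";
    return $bundle_path;
}

# REST::Client whose user agent verifies the chain against $bundle_path and
# checks the hostname. Only the trust store changes; verification stays on.
sub new_verified_client {
    my ($bundle_path, $proxy) = @_;
    my $client = REST::Client->new();
    my $ua     = $client->getUseragent();
    $ua->ssl_opts(verify_hostname => 1, SSL_ca_file => $bundle_path);
    $ua->proxy(['https'], $proxy) if defined $proxy;
    return $client;
}

# Usage (hypothetical file names):
#   perl ca_bundle.pl https://host/path corp-root.pem corp-issuing.pem
# EXAMPLE_HTTPS_PROXY is a hypothetical variable holding an optional proxy URL.
if (@ARGV) {
    my ($url, @extra) = @ARGV;
    my $client = new_verified_client(build_ca_bundle(@extra),
                                     $ENV{EXAMPLE_HTTPS_PROXY});
    $client->GET($url);
    printf "%s\n%s\n", $client->responseCode(), $client->responseContent();
}
```
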

        I understood. I have the REST client in my Perl script. How can I import CA cert files into the Perl CA store, like the following Mozilla::CA?

        The certificate is not a self-signed certificate.

            #!/usr/bin/env perl
            use strict;
            no warnings;
            use Win32::Process;
            use REST::Client;
            use JSON::Parse ':all';
            use MIME::Base64;
            use Term::ReadKey;
            use Data::Dumper;
            use MIME::Lite;
            use Config::Properties;
            use IO::Socket::SSL;
            use LWP::UserAgent;
            use HTTP::Request;
            use Mozilla::CA;

            # Excerpt: $baseurl, $pagecount1, $cert, $certkey, $certca1, $certca
            # and $value are not defined in the posted code.
            my $apiurlapplog1 = $baseurl . "/api/v1/users?" . $pagecount1;
            my $client = REST::Client->new();
            my @responsetext;
            my @responsetextall;

            sub run_api_call {
                # start with connecting to Okta and getting the users
                $client->getUseragent()->proxy(['https'], 'http://proxy.abc.com:8080');
                $client->setHost('sso.abc.com');
                $client->setCert("$cert");
                $client->setKey("$certkey");
                #$client-> SSL_ca_file => Mozilla::CA::SSL_ca_file();
                $client->setCa("$certca1");
                $client->setCa("$certca");
                # $client->setTimeout(10);
                $client->addHeader('Authorization', "SSWS $value");
                $client->addHeader('Accept', 'application/json');
                $client->addHeader('Content-type', 'application/json');
                $client->GET($_[0]);
            }

            print "$apiurlapplog1 . \n";
            run_api_call($apiurlapplog1);
            my $responsecode    = $client->responseCode();
            my $responsecontent = $client->responseContent();
            print "Its Responsecode1 : $responsecode . \n";
            print "ts Responsecontent : $responsecontent . \n";
Re^4: Error in certificate validation. Need help!
by chandantul (Scribe) on Mar 20, 2021 at 17:08 UTC

    Hello, I am still having a certificate validation error. Please check my Mozilla CA version below.

        https://sso.abc.com/api/v1/users?limit=200 .
        Its Responsecode1 : 500 .
        ts Responsecontent : SSL upgrade failed: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at C:/Strawberry/perl/vendor/lib/LWP/Protocol/http.pm line 209. .
        JSON error at line 1, byte 1/196: Unexpected character 'S' parsing initial state: expecting whitespace: 'n', '\r', '\t', ' ' or start of string: '"' or digit: '0-9' or minus: '-' or start of an array or object: '{', '[' or start of literal: 't', 'f', 'n' at Sync-All-users-profile-Working.pl line 167.

        cpan> install Mozilla::CA
        Mozilla::CA is up to date (20200520).

    I am always getting an issue while updating IO::Socket::SSL; I am getting the output below and it halts for an infinite time.

        # connect to 0: success reuse=0 version=TLSv1_3
        t/session_ticket.t ................ 1/6 # connect to 0: success reuse=1 version=TLSv1_3
        # connect to 1: success reuse=1 version=TLSv1_3
        # connect to 1: success reuse=0 version=TLSv1_3
        # connect to 0: success reuse=0 version=TLSv1_3
        # connect to 0: success reuse=1 version=TLSv1_3
        t/session_ticket.t ................ ok
        t/sessions.t ...................... ok
        t/set_curves.t .................... ok
        t/signal-readline.t ............... skipped: signals not relevant on this platform
        t/sni.t ........................... ok
        t/sni_verify.t .................... 1/17

        #!/usr/bin/env perl
        use strict;
        no warnings;
        use Win32::Process;
        use REST::Client;
        use JSON::Parse ':all';
        use MIME::Base64;
        use Term::ReadKey;
        use Data::Dumper;
        use MIME::Lite;
        use Config::Properties;
        use IO::Socket::SSL;
        use LWP::UserAgent;
        use HTTP::Request;
        use Mozilla::CA;

        # Excerpt: $baseurl, $pagecount1, $cert, $certkey, $certca1, $certca
        # and $value are not defined in the posted code.
        my $apiurlapplog1 = $baseurl . "/api/v1/users?" . $pagecount1;
        my $client = REST::Client->new();
        my @responsetext;
        my @responsetextall;

        sub run_api_call {
            # start with connecting to Okta and getting the users
            $client->getUseragent()->proxy(['https'], 'http://proxy.abc.com:8080');
            $client->setHost('sso.abc.com');
            $client->setCert("$cert");
            $client->setKey("$certkey");
            #$client-> SSL_ca_file => Mozilla::CA::SSL_ca_file();
            $client->setCa("$certca1");
            $client->setCa("$certca");
            # $client->setTimeout(10);
            $client->addHeader('Authorization', "SSWS $value");
            $client->addHeader('Accept', 'application/json');
            $client->addHeader('Content-type', 'application/json');
            $client->GET($_[0]);
        }

        print "$apiurlapplog1 . \n";
        run_api_call($apiurlapplog1);
        my $responsecode    = $client->responseCode();
        my $responsecontent = $client->responseContent();
        print "Its Responsecode1 : $responsecode . \n";
        print "ts Responsecontent : $responsecontent . \n";

    Please let me know what I will need to add to the REST client in order to get a proper response and get past the SSO validation.