in reply to Re^3: Error in certificate validation. Need help!
in thread Error in certificate validation. Need help!

I have fixed the issue with my Java script by updating my keystore and make the keystore loadin on my script and make the SSL enabled call in order validate the API call. Do you have any fix as per my Last post for my perl script?

  • Comment on Re^4: Error in certificate validation. Need help!

Replies are listed 'Best First'.
Re^5: Error in certificate validation. Need help!
by hippo (Archbishop) on Mar 22, 2021 at 12:00 UTC

    See Common Usage Errors which says:

    If the verification does not succeed with the default settings, one can do the following:

    • Make sure the needed CAs are in the store, maybe use SSL_ca_file or SSL_ca_path to specify a different CA store.
    • If the validation fails because the certificate is self-signed and that's what you expect, you can use the SSL_fingerprint option to accept specific leaf certificates by their certificate or pubkey fingerprint.
    • If the validation failed because the hostname does not match and you cannot access the host with the name given in the certificate, you can use SSL_verifycn_name to specify the hostname you expect in the certificate.

    🦛

[reply]

      I understood. I have the Rest client in my perl script, How i can import CA cert files in Perl CA store like the following Mozilla::CA?

      The certificate is not Self Signed certificate.

      #!/usr/bin/env perl
use strict;
no warnings;
use Win32::Process;
use REST::Client;
use JSON::Parse ':all';
use MIME::Base64;
use Term::ReadKey;
use Data::Dumper;
use MIME::Lite;
use Config::Properties;
use IO::Socket::SSL;
use LWP::UserAgent; 
use HTTP::Request;
use Mozilla::CA;sub 
my $apiurlapplog1 = $baseurl ."/api/v1/users?" . $pagecount1;
my $client = REST::Client->new();
my @responsetext;
my @responsetextall;

run_api_call {
 #start with connecting to Okta and getting the users
 $client->getUseragent()->proxy(['https'], 'http://proxy.abc.com:8080'
+);
  $client->setHost('sso.abc.com');
  $client->setCert("$cert");
  $client->setKey("$certkey");
  #$client-> SSL_ca_file => Mozilla::CA::SSL_ca_file();
  $client->setCa("$certca1");
  $client->setCa("$certca");
 # $client->setTimeout(10);
  $client->addHeader('Authorization',"SSWS $value");
  $client->addHeader('Accept','application/json');
  $client->addHeader('Content-type','application/json');
  $client->GET($_[0]);
}
 print "$apiurlapplog1 . \n";

run_api_call($apiurlapplog1);
  my $responsecode = $client->responseCode() ;
   my $responsecontent = $client->responseContent() ;
  print "Its Responsecode1 : $responsecode  . \n";
  print "ts Responsecontent : $responsecontent . \n";

      [download]
[reply]
[d/l]

In Section Seekers of Perl Wisdom