in reply to NTLM Authentication w/ Internal Site

How can I verify my internal site?

It isn't clear to me what you mean by "internal" here or why that has any bearing.

To verify a certificate on a given site you need to verify that the CA has signed the cert, that the cert has a CN which reflects the site's hostname, and that everything is in date. LWP should do all of this for you so the most likely cause is an unknown CA. Be sure to specify the CA cert either through ssl_opts or in the environment before you begin.


🦛
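
An added example, not part of the original post: one way to supply a private CA bundle to LWP through ssl_opts (or the environment) and then print what the TLS layer reports about the peer certificate. The URL and bundle path are placeholder assumptions, not values from this thread.

```perl
#!/usr/bin/perl
# Added example: point LWP at a private CA bundle and report what was verified.
use strict;
use warnings;
use LWP::UserAgent;

# Assumptions (placeholders, not from the thread): the URL and bundle path.
my $url     = $ARGV[0] // 'https://intranet.example.internal/';
my $ca_file = $ARGV[1] // '/path/to/corporate-ca-bundle.pem';

die "CA bundle not readable: $ca_file\n" unless -r $ca_file;

# The bundle must hold the root and every intermediate the server does not send.
open my $fh, '<', $ca_file or die "open $ca_file: $!\n";
my $certs = grep { /^-----BEGIN CERTIFICATE-----/ } <$fh>;
close $fh;
print "Bundle contains $certs certificate(s)\n";

# Option 1: per-agent settings. verify_hostname => 1 is already the default;
# it is spelled out so that a stray 0 elsewhere is easy to spot.
my $ua = LWP::UserAgent->new(
    ssl_opts => { verify_hostname => 1, SSL_ca_file => $ca_file },
);

# Option 2: the environment, set before the agent is constructed:
#   PERL_LWP_SSL_CA_FILE=/path/to/corporate-ca-bundle.pem

my $res = $ua->head($url);

if (($res->header('Client-Warning') // '') eq 'Internal response') {
    # LWP synthesised this response: the connection or handshake failed.
    print "TLS/connect failure: ", $res->status_line, "\n";
    exit 1;
}

# Headers added by LWP::Protocol::https describing the verified peer.
printf "%-8s %s\n", 'Status:',  $res->status_line;
printf "%-8s %s\n", 'Subject:', $res->header('Client-SSL-Cert-Subject') // '(none)';
printf "%-8s %s\n", 'Issuer:',  $res->header('Client-SSL-Cert-Issuer')  // '(none)';
printf "%-8s %s\n", 'Warning:', $res->header('Client-SSL-Warning')      // '(none)';
```

A 401 status here still means the TLS checks passed; the subject and issuer lines show which certificate chain was accepted.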

Re^2: NTLM Authentication w/ Internal Site
by DanEllison (Scribe) on May 19, 2022 at 21:47 UTC

    It's a large corporation, so even the CA was internal to the company. I thought I had downloaded the rootCa as well as all the intermediate certificates, but it still wouldn't verify the host. I did find a certificate bundle on my Linux host and downloaded that to my Windows box and that seems to have resolved the verify host issue.

    It's still not authenticating against NTLM even though I can see the "WWW-Authenticate: NTLM <token>" being sent. I do see another warning now, "Peer certificate not verified".

      I do see another warning now, "Peer certificate not verified".

      That's presumably because you have left verify_hostname as zero. Test:

      use strict;
      use warnings;
      use Test::More tests => 2;
      use LWP::UserAgent;

      my $ua = LWP::UserAgent->new;
      isnt get_cw ($ua), 'Peer certificate not verified', 'Verify = no warning';
      $ua->ssl_opts (verify_hostname => 0);
      is get_cw ($ua), 'Peer certificate not verified', 'No Verify = warning';

      sub get_cw {
          my $lpw = shift;
          my $res = $lpw->head ('https://www.perlmonks.org/');
          my $cw  = $res->header ('Client-SSL-Warning') // '';
          return $cw;
      }

      🦛

        No, all ssl_opts have been removed.