in reply to Re: NTLM Authentication w/ Internal Site
in thread NTLM Authentication w/ Internal Site

It's a large corporation, so even the CA was internal to the company. I thought I had downloaded the rootCa as well as all the intermediate certificates, but it still wouldn't verify the host. I did find a certificate bundle on my linux host and downloaded that to my windows box and that seems to have resolved the verify host issue.

Its still not authenticating against NTLM even though I can see the "WWW-Authenticate: NTLM <token>" being sent. I do see another warning now, "Peer certificate not verified".

  • Comment on Re^2: NTLM Authentication w/ Internal Site

Replies are listed 'Best First'.
Re^3: NTLM Authentication w/ Internal Site
by hippo (Archbishop) on May 20, 2022 at 08:37 UTC
    I do see another warning now, "Peer certificate not verified".

    That's presumably because you have have left verify_hostname as zero. Test:

    use strict;
use warnings;

use Test::More tests => 2;
use LWP::UserAgent;

my $ua = LWP::UserAgent->new;
isnt get_cw ($ua), 'Peer certificate not verified', 'Verify = no warni
+ng';
$ua->ssl_opts (verify_hostname => 0);
is get_cw ($ua), 'Peer certificate not verified', 'No Verify = warning
+';

sub get_cw {
    my $lpw = shift;
    my $res = $lpw->head ('https://www.perlmonks.org/');
    my $cw  = $res->header ('Client-SSL-Warning') // '';
    return $cw;
}

    [download]

    🦛

[reply]
[d/l]
[select]
      No, all ssl_opts have been removed.
[reply]

In Section Seekers of Perl Wisdom