Thanks for all the help.
This SSL deal is making a lot more sense to me right now. I have added
the following lines to my Perl code:
$ENV{'HTTPS_DEBUG'} = 1;
$ENV{'HTTPS_CERT_FILE'} = '/usr/share/ssl/certs/pub_test.crt';
# $ENV{HTTPS_KEY_FILE} = # I don't have. Hopefully is not needed
It still fails. Line 12 of the output says "bad certificate". I am
wondering if there is a way to make sure that the UserAgent is actually
sending out my certificate file pub_test.crt?
Thanks again.
Poly
OUTPUT
=====
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:bad certificate
SSL_connect:failed in SSLv3 read finished A
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL3 alert write:warning:no certificate
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:bad certificate
SSL_connect:failed in SSLv3 read finished A
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
Failed: 500 SSL negotiation failed: error:1406D0FD:SSL
routines:GET_SERVER_HELLO:unknown remote error type
500 (Internal Server Error) SSL negotiation failed: error:1406D0FD:SSL
routines:GET_SERVER_HELLO:unknown remote error type
Client-Date: Thu, 11 Sep 2003 22:23:25 GMT
> [EMAIL PROTECTED] wrote:
> > Josh,
> > Thank you a lot for replying.
> > I went through the perldoc and did the following:
> >
> > 1. copy the certificates in a directory under the html
> > 2. set the ENV variables,
> > export HTTPS_CA_FILE=/certs/wbmQA_cert.cer
> > export HTTPS_CA_DIR=/certs/
> > 3. set the debug mode
> > Is there a way to tell from the output below what went wrong?
> >
>
> I think you wanted to use these for client site cert...
>
> # CLIENT CERT SUPPORT
> $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
> $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
>
> The CA stuff is to verify the server cert.
>
> --Josh
>
> > Thanks again
> >
> > ===OUTPUT
> > SL_connect:before/connect initialization
> > SSL_connect:SSLv2/v3 write client hello A
> > SSL_connect:SSLv3 read server hello A
> > SSL3 alert write:fatal:unknown
> > SSL_connect:error in SSLv3 read server certificate B
> > SSL_connect:error in SSLv3 read server certificate B
> > SSL_connect:before/connect initialization
> > SSL_connect:SSLv3 write client hello A
> > SSL_connect:SSLv3 read server hello A
> > SSL3 alert write:fatal:bad certificate
> > SSL_connect:error in SSLv3 read server certificate B
> > SSL_connect:before/connect initialization
> > SSL_connect:SSLv2 write client hello A
> > SSL_connect:failed in SSLv2 read server hello A
> > Failed: 500 SSL negotiation failed: error:1406D0FD:SSL
> > routines:GET_SERVER_HELLO:unknown remote error type
> > 500 (Internal Server Error) SSL negotiation failed: error:1406D0FD:SSL
> > routines:GET_SERVER_HELLO:unknown remote error type
> > Client-Date: Tue, 09 Sep 2003 22:41:09 GMT
> > ======
> >
> >>[EMAIL PROTECTED] wrote:
> >>
> >>>I have added SSL support to my libwww and I am able to download some
> >>>sites with the LWP::UserAgent. The problem is that there is a site that
> >>>needs me to send a certificate for identification, otherwise I get the
> >>>response:
> >>>
> >>>Failed: 500 SSL negotiation failed: error:1406D0FD:SSL
> >>>routines:GET_SERVER_HELLO:unknown remote error type
> >>>
> >>>Please notice that when I use the browser IE for that URL, it prompts
> >>>me with that client authentication window: "The web site you want to
> >>>view request identification. Select the certificate to use when
> >>>connecting." Then I can put the certificate file there and have the
> >>>browser retrieve the page.
> >>>
> >>>My question is, how can I send a certificate to a server along with
> >>>my form post? Thanks a lot for the help.
> >>>
> >>
> >>If you are using Crypt::SSLeay for SSL, then check out the "perldoc Crypt::SSLeay"
> >>You will find these settings described which may be useful:
> >>
> >> # CLIENT CERT SUPPORT
> >> $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
> >> $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';
> >>
> >> # CA CERT PEER VERIFICATION
> >> $ENV{HTTPS_CA_FILE} = 'certs/ca-bundle.crt';
> >> $ENV{HTTPS_CA_DIR} = 'certs/';
> >>
> >> # CLIENT PKCS12 CERT SUPPORT
> >> $ENV{HTTPS_PKCS12_FILE} = 'certs/pkcs12.pkcs12';
> >> $ENV{HTTPS_PKCS12_PASSWORD} = 'PKCS12_PASSWORD';
> >>
> >>Regards,
> >>
> >>Josh
> >>
> >>________________________________________________________________
> >>Josh Chamas, Founder phone:925-552-0128
> >>Chamas Enterprises Inc. http://www.chamas.com
> >>NodeWorks Link Checker http://www.nodeworks.com
> >>
> >>
> >
> >
>
>
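An added example, not part of the original thread: a small Python reader for the HTTPS_DEBUG trace that splits it into handshake attempts and reports, per attempt, whether the server asked for a client certificate, whether the client answered with a "no certificate" warning, and which side raised each alert. The function names are hypothetical, and the check for a "write certificate verify" state assumes that is how OpenSSL labels the step in which the client proves possession of its private key.

```python
import re

# Abridged copy of the first two handshake attempts from the HTTPS_DEBUG output above.
TRACE = """\
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write finished A
SSL3 alert read:fatal:bad certificate
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server certificate request A
SSL3 alert write:warning:no certificate
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write finished A
SSL3 alert read:fatal:bad certificate
"""

ALERT = re.compile(r"^SSL3 alert (read|write):(\w+):(.+)$")

def split_attempts(trace):
    """Each handshake attempt starts at a 'before/connect initialization' line."""
    attempts = []
    for line in filter(None, map(str.strip, trace.splitlines())):
        if line.endswith("before/connect initialization") or not attempts:
            attempts.append([])
        attempts[-1].append(line)
    return attempts

def summarize(lines):
    """Report what one attempt shows about the client certificate."""
    alerts = []
    for line in lines:
        m = ALERT.match(line)
        if m:  # 'read' = alert received from the server, 'write' = sent by us
            sender = "server" if m.group(1) == "read" else "client"
            alerts.append((sender, m.group(2), m.group(3)))
    requested = any("read server certificate request" in l for l in lines)
    # Assumption: OpenSSL logs a "write certificate verify" state when the
    # client signs the handshake with the key matching its certificate.
    verify = any("write certificate verify" in l for l in lines)
    declined = ("client", "warning", "no certificate") in alerts
    return {"cert_requested": requested, "client_declined": declined,
            "cert_proven": requested and verify and not declined, "alerts": alerts}

def analyze(trace):
    return [summarize(a) for a in split_attempts(trace)]
```

On the abridged trace, both attempts report `cert_requested` as true and `cert_proven` as false, and the second attempt reports `client_declined` as true.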