Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

"certificate verify failed" error while trying to connect to https:// site using use WWW::Mechanize

by sam_bakki (Pilgrim)
on Jul 17, 2011 at 13:20 UTC ( [id://914945]=perlquestion: print w/replies, xml ) Need Help??

sam_bakki has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks

I am trying to connect to https web site (actually it is collabnet site, we have project tracker in it) and trying to download some content.

Since it is password protected page, I used WWW::Mechanize module. (Activeperl 5.14, x64, windows 7). I do have Crypt::SSLeay comes with ActivePerl 5.14

When I tried to get the content from web site using below code, I get Error GETing https://www.collabnet.com/: Can't connect to www.collabnet.com:443 (certificate verify failed) Error

What I know is, I need to set HTTPS_CA_DIR path but i do not know where should I point this in windows os. This https://www.collabnet.com/ is perfectly working using internet explorer.

Here is my code, Please help me to solve this problem. Thanks in Advance

use strict; use warnings; use WWW::Mechanize; use Crypt::SSLeay; #Globals my $browser; my $url; #Down load the CCB search queries $browser=WWW::Mechanize->new(agent=>'Windows IE 6',cookie_jar => {},no +proxy =>1); #$url=http://www.google.com - works $url='https://www.collabnet.com/'; $browser->get($url); print $browser->content(format=>'text');

UPDATE: Solved :)
Hi Monks,
I have solved this problem. I do not want my perl application to verify host certificate, so I exported following environment variable ,
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}=0;
Everything works well :)

Learning: Need to read LWP doc properly

Replies are listed 'Best First'.
Re: "certificate verify failed" error while trying to connect to https:// site using use WWW::Mechanize
by rkrieger (Friar) on Jul 17, 2011 at 15:00 UTC

    Alternatively, you could place the CA certificate of the party that issued the certificate for your target web site in the HTTPS_CA_DIR. Most commercial CA's link to it on their web site or you may already have it.

    As to the setting for HTTPS_CA_DIR: you could create any convenient directory in your code base to hold the certificate and point to that. You may as well keep it close to your code.

    Windows places its certificates in special certificate stores (which explains your result in Internet Explorer) that AFAIK are not that easily accessible to non-MS applications.

      Hi rkrieger

      I have exported the certificate (in my case it is COMODOHigh-AssuranceSecureServerCA ) from internet explorer to a directory as a .cer file.

      After that I set


      $ENV{HTTPS_CA_DIR} = 'C:\temp\cert'; $ENV{HTTPS_DEBUG} = 1; $ENV{HTTP_DEBUG} = 1;

      but still it is not working , I get the same Error GETing https://www.collabnet.nxp.com/sf/sfmain/do/home: Can't connect to www.collabnet.nxp.com:443 (certificate verify failed) error

      Thanks

        First off: check whart sort of format you exported from your browser. You'll want PEM (plain base64 text with a -----BEGIN CERTIFICATE----- line at start). Try opening your file in a text editor and check if that's what you have. Export in different formats or convert your current file to PEM format (see the OpenSSL manual for that or the openssl) man page on a Unix system.

        In short: when using HTTPS_CA_DIR you need a directory with PEM certificates in files named according to the hash of their (certificate) subject name. Perhaps HTTPS_CA_FILE is more useful for you (if you only have a single CA certificate to handle).

        Why? The CA file directory should hold files in so-called PEM format and follow the instructions as listed in Crypt::SSLeay under Client Certificate Support. In fact, that points to the OpenSSL docs again with more instructions.

Re: "certificate verify failed" error while trying to connect to https:// site using use WWW::Mechanize
by Anonymous Monk on Jul 17, 2011 at 13:33 UTC

    What I know is, I need to set HTTPS_CA_DIR path but i do not know where should I point this in windows os.

    Windows doesn't exactly have such a thing, so install Mozilla::CA

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://914945]
Front-paged by Arunbear
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (9)
As of 2024-03-28 14:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found