PKI Tutorials - Herong's Tutorial Examples - v2.32, by Herong Yang
Crypt::SSLeay Failing to Verify Server's Certificate
This section provides a tutorial example on how Crypt::SSLeay fails to verify HTTPS server's certificate using the HTTPS_CA_FILE environment variable, the CA certificate can not be found.
The test on https://login.yahoo.com finished nicely in the previous tutorial. It's time to play with another HTTPS server, www.paypal.com:
herong> Crypt_SSLeay_HTTPS_GET_with_CA.pl \ https://www.google.com/accounts/ServiceLogin \ > google.txt SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A SSL3 alert write:fatal:unknown CA SSL_connect:error in SSLv3 read server certificate B SSL_connect:error in SSLv3 read server certificate B SSL_connect:before/connect initialization SSL_connect:SSLv3 write client hello A SSL_connect:SSLv3 read server hello A SSL3 alert write:fatal:bad certificate SSL_connect:error in SSLv3 read server certificate B SSL_connect:before/connect initialization SSL_connect:SSLv2 write client hello A SSL_connect:failed in SSLv2 read server hello A Failed to GET 'https://www.google.com': 500 SSL negotiation failed: at C:\herong\Crypt_SSLeay_HTTPS_GET_with_CA.pl line 12.
Can you see what's wrong here? Here is my guess:
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with Google Chrome
Using HTTPS with Mozilla Firefox
HTTPS with IE (Internet Explorer)
Android and Server Certificate
Windows Certificate Stores and Console
RDP (Remote Desktop Protocol) and Server Certificate
macOS Certificate Stores and Keychain Access
►Perl Scripts Communicating with HTTPS Servers
Installing Crypt::SSLeay 0.72 on Windows
LWP SSL verify_hostname Setting
LWP SSL List of Root CA Certificates
Crypt::SSLeay Test Perl Script
HTTPS Request and Response Example
Asking Crypt::SSLeay to Verify Server's Certificate
►Crypt::SSLeay Failing to Verify Server's Certificate
Multiple CA Certificates in a Single File
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
PKI CA Administration - Issuing Certificates
Comodo Free Personal Certificate
Digital Signature - Microsoft Word
Digital Signature - OpenOffice.org 3