chrestomanci has asked for the wisdom of the Perl Monks concerning the following question:
Greetings wise brothers, I seek your advice on secret communication and how we can be sure we know who we are talking to.
Specifically, I am trying to get LWP::UserAgent running inside a locally compiled perlbrew install, to accept a corporate root cert.
At my company, IT have created a private SSL certificate keypair, and used it to sign the SSL certs on numerous internal servers. They also publish the public half of the SSL cert which (on Ubuntu) I have installed in /etc/ssl/certs/ where it is accepted by system perl, firefox, wget etc.
For some reason the corporate public certificate is not accepted by a perlbrew install of perl 5.10 that I have compiled locally. Do I need to install the corporate root cert somewhere else for perlbrew to accept it?
Code to reproduce
    use strict;
    use warnings;
    use XML::Simple;
    use LWP::UserAgent;
    use Data::Dumper;

    my $url = "https://--- REDACTED ----";
    my $parser = new XML::Simple;
    my $ua = new LWP::UserAgent;
    # $ua->ssl_opts( verify_hostname => 0 ,SSL_verify_mode => 0x00);

    my $req = new HTTP::Request('GET', $url);
    my $resp = $ua->request($req);
    # print "Result from fetching $url : " . Dumper($resp);

    if( $resp->is_success() ){
        # print "Result content: ". $resp->content;
        eval{
            my $parsed_xml = $parser->XMLin($resp->content, ForceArray => ['publishedfile']);
        };
        if( $@ ){
            print "Error parsing XML: $@";
        }
        else {
            print "File downloaded and XML parsed OK";
        }
    }
    else {
        die "Error fetching $url : ".$resp->message;
    }
This code works fine using Ubuntu's system perl on all the versions of Ubuntu I could find. It also works if I uncomment the $ua->ssl_opts( verify_hostname => 0 ,SSL_verify_mode => 0x00); line, but it fails on line 35 with "Can't connect to REDACTED:443 (certificate verify failed) at scripts/dev/test_ssl_download.pl line 35." if I use perlbrew perl.
Any ideas?
NB: I asked this question in chatterbox about an hour ago, but did not get a reply, so I am re-posting as a perl question.
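An added example, not part of the original post or of any reply: instead of switching verification off with the commented-out ssl_opts line, this compares a request made with this perl's default trust settings against one that names the CA directory explicitly. The placeholder URL and the helper try_fetch are assumptions made for the illustration; /etc/ssl/certs is the directory named in the post.

```perl
use strict;
use warnings;
use LWP::UserAgent;

# Assumed values: a placeholder URL and the Ubuntu CA directory from the post.
# Usage: perl check_ca.pl https://your-internal-host/ [/path/to/ca/dir]
my $url     = shift(@ARGV) || 'https://internal.example.invalid/';
my $ca_path = shift(@ARGV) || '/etc/ssl/certs';

# Hypothetical helper: do one GET with the given ssl_opts and return a
# one-line summary. A TLS failure shows up as a 500 status line carrying
# the "certificate verify failed" text.
sub try_fetch {
    my ($label, %ssl_opts) = @_;
    my $ua = LWP::UserAgent->new(
        timeout  => 15,
        ssl_opts => \%ssl_opts,
    );
    my $resp = $ua->get($url);
    return sprintf "%-26s %s", $label, $resp->status_line;
}

# For comparison, show the CA bundle Mozilla::CA would supply, if this perl
# has that module installed. It does not read /etc/ssl/certs.
if ( eval { require Mozilla::CA; 1 } ) {
    print "Mozilla::CA bundle:        ", Mozilla::CA::SSL_ca_file(), "\n";
}

# 1. Whatever this perl does when no CA location is given.
print try_fetch('defaults for this perl:'), "\n";

# 2. Verification stays on, but the trust anchors come from the system
#    directory where the corporate root was installed.
print try_fetch('explicit CA directory:',
    verify_hostname => 1,
    SSL_ca_path     => $ca_path,
), "\n";
```

If only the second request succeeds, the same directory can be supplied without editing scripts by setting the PERL_LWP_SSL_CA_PATH environment variable, which LWP::UserAgent reads when it is constructed.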
Replies are listed 'Best First'.
Re: SSL certificate store for a Perlbrew install
by hippo (Chancellor) on Jan 14, 2021 at 17:12 UTC
Re: SSL certificate store for a Perlbrew install
by chrestomanci (Priest) on Jan 15, 2021 at 16:09 UTC
by Anonymous Monk on Jan 18, 2021 at 16:15 UTC