verify_hostname => 0,
 SSL_ca_file     => 'cert.crt',
[download]

ssl_opts => {
 verify_hostname => 0,
 SSL_ca_file     => 'cert.crt',
}
[download]

I tried that change got the same error

anything else you can think of that I can look at to narrow down what the problem is ? Thanks!

That's weird, could you pls reply and paste your code again (after you added ssl_opts) ?

I have 5.8.8 perl installed on our machine. Thanks

#!/usr/bin/perl -l

use strict;
use warnings;
use HTTP::Headers;
use HTTP::Request;
use LWP::UserAgent;

my $UPDATE_SERVER = "https://something.com";

my $ua = LWP::UserAgent->new;

    ssl_opts => {
        verify_hostname => 0,
        SSL_ca_file     => 'ops-cert-O.crt',
    };
$ua->timeout(10);
#$ua->agent("");

my $req = HTTP::Request->new( GET => $UPDATE_SERVER );
my $res = $ua->request($req);

print "header ----" . $res->headers_as_string;
print "response ---" . $res->as_string;
[download]

Hmmm!

Your stuff looks all wrong to me. The SSL_ca_file refers to the certificate of the CA (certification authority) not the authentication certificate of a client.

From what I know an http authentication can not be done with a certificate. It is done with user credentials (username/passwords) protected by an encrypted communication (https). The certificates only allow to secure your are connected to the correct server.

Depending on your architecture the authentication processes might be implemented with different services. I assume in your case a first layer of authentication is implemented with user credentials and a second security layer is an ssh authentication service. Once you are authenticated with the user credentials, the ssh service validates a user certificate (private key) and a token is passed to the application server. This token will allow you to start an session.

For more help I guess any monks will need more information as to what you want to do.

K

From what I know an http authentication can not be done with a certificate. It is done with user credentials (username/passwords) protected by an encrypted communication (https).

No, HTTPS authentication can be done with a certificate. However I am not sure if LWP allows this. And yes SSL_ca_file is possible incorrect option. Documentation for this stuff should be somewhere here http://search.cpan.org/perldoc?IO%3A%3ASocket%3A%3ASSL

I checked this on CPAN and did not find any option for this. The more I read the more I think we are dealing here with a ssh connection over port 22.

K

The best medicine against depression is a cold beer!

Our primary task is to use the CERTIFICATE and RSA PRIVATE KEY to connect to the host machine, once connected the host machine we need to make multiple https/http request to download some file. So there are no user level credentials that need to be verified just need to user the cert.crt file which has them the CERTIFICATE and RSA PRIVATE KEY. Thanks!

Hi,

OK! It is a less sophisticated authorization scheme than the one I though of. LWP will not provide you with the appropriate feature.

Schematically you authenticate against the openssh daemon and query the web-server afterwards. Meaning the web server shells out to the openssh daemon, captures its return code and authorizes you or not. The implementation details for Apache is here: http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html#accesscontrol

Net::SSSLeay offers a solution to your problem. Solution descrption at http://search.cpan.org/~mikem/Net-SSLeay-1.54/lib/Net/SSLeay.pod. Search for =>Using client certificates<= in the page.

Test:Try to open an ssh session against port 443 or 80. If you get a prompt, enter GET+Return. If you see HTML on the console, you can use the module above. Do not worry if the ssh session disconnects.

K

The best medicine against depression is a cold beer!