Perl mutual authentication SSL with self-signed client certificate
At our company, I currently have a script that connects to an external vendor over HTTPS using SSL. The script only performs server authentication. Here it is:
use HTML::Parser;
use HTTP::Request::Common;
use LWP::UserAgent;
use XML::Simple;
# Crypt::SSLeay-style settings, read from the environment
local $ENV{HTTPS_CERT_FILE} = '../cert/abc.vendor.crt';
local $ENV{HTTPS_PROXY} = 'https://proxy.com:8080';
local $ENV{HTTPS_DEBUG} = 0;
my $vendor_server = 'https://abc.vendor.site.com';
my $xml = "XML code here";
# Build the POST request carrying the XML payload
my $request = (POST $vendor_server, Content_Type => 'text/xml; charset=utf-8', Content => $xml);
my $ua = LWP::UserAgent->new();
my $response = $ua->request($request);
# Fragment from inside a subroutine, hence the return statements
if ( $response->is_success() ) {
    return $response;
}
else {
    return "Error message";
}
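This works as needed, but due to strict compliance and security requirements, we now need to make it "mutual authentication" using a self-signed certificate. I tried changing HTTPS_DEBUG to 1 and adding the following two lines after it. "myserver.crt" is an internal self-signed certificate made after I created a CSR (I hope these details are right; as is obvious, I am not very well versed in SSL):
But when running the script, I get the following error: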
Connecting to abc over SSL and sending POST
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown CA
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
Ticket FAILED
$VAR1 = '500 SSL negotiation failed: ';
What am I doing wrong?
Thanks for your help.
You need better error reporting. Provide the output of echo -n | openssl s_client -CAfile foo.crt -connect example.com:443
@daxim, $> echo -n | openssl s_client -CAfile foo.crt -connect example.com:443
13142:error:0201002:system library:fopen:No such file or directory:bss_file.c:104:fopen('foo.crt','r')
13142:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
13142:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279:
connect: No route to host
connect:errno=113
…Thanks… when I use mycert.crt instead of foo, $> echo -n | openssl s_client -CAfile ../etc/wpidev1.crt -connect example.com:443
connect: No route to host
connect:errno=29
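
One way to set up the mutual authentication the question asks for, as an added example that is not code from the original post or its comments: it uses LWP::UserAgent's ssl_opts (LWP 6 with IO::Socket::SSL) rather than the HTTPS_* environment variables in the question. The file paths, the vendor URL, and the helper names check_tls_files, build_mtls_agent and post_xml are assumptions made for illustration.

```perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common qw(POST);

# Placeholder paths and URL: assumptions for this example, not values from the post.
my %tls = (
    ca   => '../cert/vendor-ca.pem',  # CA that issued the vendor's SERVER certificate
    cert => '../cert/myclient.crt',   # our client certificate, presented to the vendor
    key  => '../cert/myclient.key',   # private key matching the client certificate
);
my $vendor_url = 'https://abc.vendor.example/endpoint';

# Report missing or unreadable files by role before any handshake is attempted,
# instead of ending up with an opaque "500 SSL negotiation failed".
sub check_tls_files {
    my (%files) = @_;
    return map  { "$_ file '$files{$_}' is missing or unreadable" }
           grep { !-r $files{$_} } sort keys %files;
}

# LWP 6+ hands ssl_opts to IO::Socket::SSL.
sub build_mtls_agent {
    my (%files) = @_;
    return LWP::UserAgent->new(
        ssl_opts => {
            verify_hostname => 1,              # server authentication stays on
            SSL_ca_file     => $files{ca},     # verifies the vendor's certificate
            SSL_cert_file   => $files{cert},   # client half of mutual authentication
            SSL_key_file    => $files{key},
        },
    );
}

sub post_xml {
    my ($ua, $url, $xml) = @_;
    my $response = $ua->request(
        POST($url, Content_Type => 'text/xml; charset=utf-8', Content => $xml));
    die 'Request failed: ' . $response->status_line . "\n"
        unless $response->is_success;
    return $response;
}

my @problems = check_tls_files(%tls);
die join("\n", @problems) . "\n" if @problems;
my $ua = build_mtls_agent(%tls);
print post_xml($ua, $vendor_url, '<ping/>')->decoded_content, "\n";
```

A self-signed client certificate is accepted only if the vendor has added it to the trust store on their side; the CA file on the client side serves only to verify the vendor's server certificate.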