Child pages
  • How to configure Perl SSL certificate chain
Skip to end of metadata
Go to start of metadata

When trying to send a request using the HTTPS protocol in a Perl script using "LWP::UserAgent" module and faced with the following error :

[...] Status response is 500 Can't connect to hostname:443 (certificate verify failed)
or
[...] Status response is 500 Can't connect to hostname.int:443 (Bad file descriptor)

Why is this happening ?

This is because the hostname you are trying to reach is not in the SSL certificates known by Perl. Maybe because Perl is not configured at all or because the hostname is certified by a self-signed or company certificate which is not part of the known certificates.

How to resolve the issue

Verify that Perl module "Mozilla::CA" is installed

  1. Execute the following command :

    perldoc -l Mozilla::CA
  2. If the output is "/path/to/perl/lib/version/Mozilla/CA.pm" :
    1. Then the module is already installed.
    2. Proceed to the "Install self-signed or company cerificate" section.
  3. If the output is "No documentation found for Mozilla::CA" :
    1. Install "Mozilla::CA" module : https://www.cpan.org/modules/INSTALL.html

Install self-signed or company certificate

  1. Go in the "Mozilla::CA" module installation folder : "/path/to/perl/lib/version/Mozilla".
  2. In folder named "CA", a "cacert.pem" file should be present.
  3. Append your self-signed or company certificate at the end of this "cacert.pem" file.

On Linux, if your certificate is already in the system-wide's certificate library, then you can create a symbolic link targetting the system-wide ".pem" file

ln sfn /path/to/system/wide/ca-bundle.pem cacert.pem