Loading ...
Sorry, an error occurred while loading the content.

1909Re: [soaplite] SOAP and SSL Client Certificates

Expand Messages
  • Ajit Deshpande
    Oct 9, 2002
      On Wed, Oct 09, 2002 at 08:22:51AM -0700, Byrne Reese wrote:
      > [..]
      > the service via HTTPS. As for client certificate based authentication...
      > let me get back to you. We solved this at GCC, but I have to dig through
      > some code. Let me ping an engineer who got this working and see if he
      > can help.

      Concidentally, I was just researching this yesterday! i.e. how to do SSL
      Client Certificate authentication from a perl client using SOAP::Lite.
      And my research led to the same conclusion as yours above:
      i.e. simply use an https://blah as your proxy for the SSL connection.

      Now, as regards the Client certificate, the trick seems to lie in
      the declaring an environment variable. The following is from the
      Crypt::SSLeay documentation:

      [..]
      use LWP::UserAgent;
      my $ua = new LWP::UserAgent;
      my $req = new HTTP::Request('GET', 'https://www.nodeworks.com');
      my $res = $ua->request($req);
      print $res->code."\n";

      # PROXY SUPPORT
      $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';

      # PROXY_BASIC_AUTH
      $ENV{HTTPS_PROXY_USERNAME} = 'username';
      $ENV{HTTPS_PROXY_PASSWORD} = 'password';

      # DEFAULT SSL VERSION
      $ENV{HTTPS_VERSION} = '3';

      # CLIENT CERT SUPPORT
      $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
      $ENV{HTTPS_KEY_FILE} = 'certs/notacakeynopass.pem';

      # CA CERT PEER VERIFICATION
      $ENV{HTTPS_CA_FILE} = 'certs/ca.crt';
      $ENV{HTTPS_CA_DIR} = 'certs/';
      [..]

      I haven't yet implemented the system -- but just thought I'd share this
      with the list, since it was quite frustratting to track down the above
      information for me :)

      Maybe, we could put in a blurb in SOAP::Lite documentation. Also, there
      needs to be a blurb in the LWP::UserAgent documentation -- because that
      is where people first start looking.

      Ajit
    • Show all 9 messages in this topic