Can’t verify SSL peers without knowning which Certificate Authorities to trust

Yes that does say “knowning” but its not my typo its the actual error message displayed!

So anyway, you were happily going about your business when suddenly without any warning one of your scripts stopped working.. a script that perhaps called an api such as cPanel or anything using SSL.. what happened?!

Digging deeper you find this error message..

File does not exist: Can’t verify SSL peers without knowning which Certificate Authorities to trust
This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILEenvirionment variable or by installing the Mozilla::CA module.
To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAMEenvirionment variable to 0.  If you do this you can’t be sure that youcommunicate with the expected peer.

Where is this mysterious error coming from? Well chances are you just upgraded to LWP 6 – or your cPanel dutifully updated it for you. The all new LWP actually verifies SSL certificates, which is generally not a bad idea. The changes are described here..

Don’t Panic! There are ways to fix this.. first way is to do as the error message says and simply install Mozilla::CA from cpan or wherever you get your perl modules from. As long as you are connecting to a server with a ‘proper’ certificate it should be fine. If however it’s just a self-signed certificate or for some reason the cert details don’t quite match the host then it probably still wont work but all is not lost – you can make LWP 6 act like it used to in the good (or bad) old days by simply setting ssl_opts from LWP::UserAgent in your script like so..

$ua->ssl_opts( verify_hostname => 0 );

Sorted. (but maybe better to correctly install a proper ssl cert)


You may also like...