On 05/25/2015 12:02 PM, Mike Blezien wrote:
Hello, I recently setup a Paypal IPN script which worked fine for some time now but now all of a sudden I keep getting these error message: * **Can't connect to www.paypal.com:443 (certificate verify failed)** **LWP::Protocol::https::Socket: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/local/share/perl5/LWP/Protocol/http.pm line 41. *I use same IPN script on other servers without any issues except one. Is it possible that port 443 is being block or not open due a firewall on the server? Any suggestion would be appreciated. --
While it is *POSSIBLE* that a blocked port is causing your grief, that is not the most likely explanation.
Has it *NEVER* worked on this server, or worked until recently? Your email was vague on this point.
The exact error is telling you that the OpenSSL library (which is ultimately where LWP gets its SSL support) cannot verify the origin of the certificate chain that Paypal is offering.
Compare the contents of /etc/ssl/certs (the exact directory will vary based on which Linux distribution you are using, but it will be something similar) on a 'working' server with the 'not-working' server.
openssl s_client will allow you to attempt a connection and turn on substantial diagnostics to see the certificate that is being offered by the server, and (most importantly) the issuer for that certificate and the issuer's hash -- which will lead you to find the correct CA cert you need to add.
(Alternatively, if your problem *is* a blocked port, you will get enough diagnostic from s_client to show you that it can't even GET the server's cert -- but the error message makes me 99% certain that you are already past that point in the SSL handshake)
-- To unsubscribe, e-mail: beginners-unsubscr...@perl.org For additional commands, e-mail: beginners-h...@perl.org http://learn.perl.org/
