Hi All,
We are doing reCaptcha upgradation to version v2 in our webspeed application as Google is going to stop reCaptcha version v1 services. We are using libcurl external library for reCaptcha verification using culr POST option and getting "peer certificate cannot be authenticated with given ca certificates" error in our server logs during CURL certification authentication for secure communication. Our application code is deployed in AIX server. I don't have much idea on certification side so can anyone help me to identify what i can do to fix this issue.
Thanks,
Ajay Dhyani,
TLS clients have to validate the server's digital certificate using CA ROOT certificates downloaded to, and located on, the client's system.
You have to pass the path to the server's [PEM encoded] CA ROOT certificate file, or the directory path that holds the server's [PEM encoded] CA ROOT certificate file.
You can pass to libcurl the DLC/certs path you use with ABL client's TLS connections. Then use DLC/bin/certutil to add the needed CA ROOT certificates.
Hope that helped,
Mike Jacobs
Hi Michael,
we are already passing the CACertsDirectory path "$DLC/certs" to libcurl as mentioned below. I haven't changed anything in this class as we are already using it for our existing reCaptcha v1. In reCaptcha version 2 we had a change just in api's to display recaptcha and to verify the reCaptcha. During verification of reCaptcha there is just change in the RequestURL and the URL parameters. I just changed tat URL and request URL parameters and keep the libcurl call POST method same which was earlier. Now, I am just trying to understand what I need to change to resolve "peer certificate cannot be authenticated with given ca certificates" error. Is there could be any issue with the certificates in $DLC/certs path and we need to use upgrade them or reinstall them. Please advise.
lc-curl:easy_setopt(CurlOption:CAPATH, CACertsDirectory).
i-error = lc-curl:easy_perform().
Thanks & Regards,
Ajay Dhyani,