I have an Amazon linux 2 VM and I am making a python requests from this VM. For making the request I am using self signed certificate.
I have appended the self signed certificate file content to the file "/etc/pki/tls/certs/ca-bundle.crt".
The CURL command works fine, however when making requests using python's requests method it throws below error.
ERROR : (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))
I tried using "verify" parameter for Python requests method by providing path of both "MyAppcert.crt" as well as "ca_bundle.crt" files, however both approach fails.
import requests
requests.get("https://<my-endpoint>:8888/", verify="/home/ec2-user/ssl_cert/MyAppcert.crt")
This same use case works fine on Windows server.
Any help will be appreciated.
Regards,
Rahul Kumbhar
CodePudding user response:
@SteffenUllrich Thank you for the response. I verified my certificate using "openssl x509 -in file.pem -text" and found that "keyUsage = Certificate Sign" was missing. After creating new certificate with "keyUsage = Certificate Sign" the issue was resolved.
CodePudding user response:
you need to fake the SSL when you send the socket. Try this in your code:
import ssl
# Ignore SSL certificate errors
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
or
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
Both working very well for me, for example - https://twitter.com/bro_dev_/status/1447598426120720384?s=20 I have run this code today and it worked. from: https://github.com/webprice/python-twitter-examples/blob/f8ad6f69f423afdcbd83d89cc7e17e2f61d92ed4/bs4_SSL