I'm trying to connect to my corporate's internal webpages through the requests package, but since python does not use the windows default trusted certificates the connection is denied. I found out that wincertstore can be used to fetch the windows default certificates. But I'm still not sure how to use that along with the my request. Below is the code I have tried so far.............
import requests, socket, atexit, ssl, wincertstore
from requests.auth import HTTPBasicAuth
certfile = wincertstore.CertFile()
certfile.addstore("CA")
certfile.addstore("ROOT")
atexit.register(certfile.close)
ssl_sock = ssl.wrap_socket(s,ca_certs=certfile.name,
cert_reqs=ssl.CERT_REQUIRED)
requests.get(url)
I get the following error...................
requests.exceptions.SSLError: HTTPSConnectionPool(host='myhost', port=443): Max retries exceeded with url: myurl (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
I am able to use wget on the same url and download the content.
wget --no check certificate --user=my username --password=my password URL
But I am not interested in downloading the content as I only need to scrape a small portion of the webpage content.
Pythin version = 3.6.5
Wincertstore link - Link
Thanks in advance for your help..............
On Windows, Python automatically loads certificates from the Windows certificate store.
wincertstore provides an interface to access Windows' CA and CRL certificates. It uses ctypes and Windows's sytem cert store API through crypt32. dll.
By default, the Python ssl module uses the system CA certificate bundle - /etc/pki/tls/certs/ca-bundle.
This package patches certifi at runtime to also include certificates from the windows certificate store. This will allow packages such as requests (and tools based on it, like pip) to verify tls/ssl connections to servers who's ca is trusted by your windows install.
I had a similar issue and fixed it using the python-certifi-win32 package:
pip install python-certifi-win32
now you can just use:
requests.get(url, verify=True)
and the certificate is checked using the Windows Certificate Store.
Edit: This only works if the certificate is installed in the Windows Certificate Store...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With