SSL CERTIFICATE_VERIFY_FAILED in aws cli

Question

I installed AWS CLI on the Windows server 2007 32bit.

aws --version
aws-cli/1.8.8 Python/2.7.9 Windows/2008Server 

I configure aws cli using keys

Once I run below command to test AWS S3, I get this SSL error:

aws s3 ls
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

Please help to get rid of this basic error.

Answer 1

If you want to use SSL and not have to specify the --no-verify-ssl option, then you need to set the AWS_CA_BUNDLE environment variable. e.g from PowerShell:

setx AWS_CA_BUNDLE "C:\Users\UserX\Documents\RootCert.pem" 

The PEM file is a saved copy of the root certificate for the AWS endpoint you are trying to connect to. To generate it, first export the certificate in DER format (For details on how to do this, see here). Then run the following command to convert to the PEM format:

openssl x509 -inform der -in "C:\Users\UserX\Documents\RootCert.der" -out RootCert.pem 

If you are using Powershell and not bash, then you will need to first install openssl.

For a full list of environment variables supported by the AWS CLI, see here

Answer 2

use this option with your cmd "--no-verify-ssl"

Answer 3

Not sure if it's related to to the OP's issue, however, one of our devs had this issue this morning, turned out he was using Fiddler (on Windows), to debug other issues. After stopping Fiddler (which was intercepting https traffic), the issue was resolved.