I'm currently running into an error when attempting to connect to JIRA using Python2.7 and the JIRA REST API (http://jira-python.readthedocs.org/en/latest/).
When I execute the following:
from jira.client import JIRA
options = {
'server': 'https://jira.companyname.com'
}
jira = JIRA(options)
I get the following error message in console:
requests.exceptions.SSLError: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Is there something that I may have missed or am doing incorrectly?
Thanks!
I know I'm late on this answer, but hopefully this helps someone down the road.
Why you shouldn't turn off verification
While turning off certificate verification is the easiest "solution", it is not an advisable thing to do. It essentially says, "I don't care if I trust you or not, I'm going to send you all my information anyway." This opens you up for a Man-in-the-Middle attack.
If you're connecting to your company's Jira server and it has a certificate for TLS/SSL, you should be verifying against that. I'd ask your IT department where that certificate is. It's probably in some root certificate for your company.
If you're connecting to the server in Chrome (for example) it should show a lock in the left-hand corner of address bar if it's secured over TLS/SSL.
You can Right-Click that lock -> Details -> View Certificate
in Chrome.
Okay, so what do I do?
Provide the necessary certificate to the verify
option directly.
jira-python
uses Requests
for HTTP stuff (See documentation).
And according to Requests documentation
you can specify a path to a certificate file in verify
.
Thus, you can provide the root certificate for your company in verify
like so:
jira_options = {
'server': jira_server_name,
'verify': 'path/to/company/root/certificate',
}
If you're using a Windows machine (a safe assumption?), that root
certificate is stored in the registry and the best way to get it
is using wincertstore
.
On Windows system please do the following:-
Once the .cer file is obtained, add it to the python script as follows:-
jira_options = {
'server': jira_server_name,
'verify': 'path_to_directory_containing_certificate_file/certificate.cer'
}
This should work without any security warnings.
I encountered a similar SSL certificate verification error and looking through the "JIRA" methods definitions, its possible to turn off the verification.
:param options: Specify the server and properties this client will use. Use a dict with any
of the following properties:
* server -- the server address and context path to use. Defaults to ``http://localhost:2990/jira``.
* rest_path -- the root REST path to use. Defaults to ``api``, where the JIRA REST resources live.
* rest_api_version -- the version of the REST resources under rest_path to use. Defaults to ``2``.
* verify -- Verify SSL certs. Defaults to ``True``.
* resilient -- If it should just retry recoverable errors. Defaults to `False`.
Try this :
from jira.client import JIRA
options = {'server': 'https://jira.companyname.com','verify':False}
jira = JIRA(options)
Just install python-certifi-win32 module, and this should help you get past these errors without any more hassle
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With