Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Trusting self signed certificate with Python requests

Tags:

python

ssl

apache

python-requests

My apache ssl conf has the following configs

#   Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

I do not have the CA certificates for this server. Can I still install the localhost.crt into my clients to successfully verify my server?

On the client: I am using Python requests library (2.2.1). The default CA BUNDLE path is used. Even when I add the localhost.crt to the cacert.pem in the default path, I am unable to see the verification go through. I see the exception:

    File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 385, in send
    raise SSLError(e)
SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Am I doing anything wrong? Should I only add the CA who signed the localhost.crt in the server?

Thanks, Vijay

like image 423
Vijay Shankar Kalyanaraman Avatar asked Aug 06 '14 01:08

Vijay Shankar Kalyanaraman

People also ask

How do I request Python to trust a self signed SSL certificate?

Trust a self signed certificate in Python requests In the event you see this error, you will need to explicitly trust the certificates being returned by the external system if indeed they are to be trusted. To do this, use the verify parameter in your requests code to trust the certificate.

Can self-signed certificate be trusted?

Not trusted by browsers and usersSelf-signed SSL certificates are not trusted by browsers, because they are generated by your servers, and not validated by trusted CAs, like Cloudflare and Go Daddy.

How do I ignore SSL certificate in HTTP requests Python?

Method 1: Passing verify=False to request method The requests module has various methods like get, post, delete, request, etc. Each of these methods accepts an URL for which we send an HTTP request. Along with the URL also pass the verify=False parameter to the method in order to disable the security checks.

1 Answers

If you provided code and be more clear on what you're doing then you'd get a good answer.

If you want don't want to get the error even if you use an invalid certificate then try the verify=False attribute.

>>> requests.get('https://kennethreitz.com', verify=False)

If you want to use a custom certificate, then place the certificate in the script folder and use the cert=('/path/client.cert', '/path/client.key') argument.

>>> requests.get('https://kennethreitz.com', cert=('/path/client.cert', '/path/client.key')).

For more info read the docs.python-requests.org/en/master/user/advanced/ site

like image 191
Wally Avatar answered Sep 19 '22 14:09

Wally
Sign in to Comment

Related questions

IPython sys.path different from python sys.path
Matplotlib: check if grid is on?
How are bignums represented internally?
virtualenv doesn't copy all .py files from the lib/python directory
How does Garbage Collection work with multiple running processes/threads?
Python 2.7 how parse a date with format 2014-05-01 18:10:38-04:00 [duplicate]
Gtk 3, python, appindicator, disable icon near label
NLTK - Multi-labeled Classification
How to prevent accidental publish Python pacakge using setup.py
Capturing output of subprocess.Popen() with nose
Printing a file and configure printer settings
Using Flask-SQLAlchemy Event API to broadcast to Flask-SocketIO?
Python Pandas: Get row by median value
admin.py for project, not app
pip wheel conditional dependencies
How can I detect a palindrome in Hebrew?
Python - pip install pandas, not working
Double integral with function and sampled data Python
Testing Django allauth
Proper use of Flask-ldap

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!