Reputation: 6162
using self-signed certificates with requests in python
Situation : The target site (a pre-prod URL, say https://my-pre-prod-site.com/login, for example) is using a self-signed certificate. From the browser, the site is accessible over https without any issues (the self-signed certificate warning is suppressed by adding the certificate to the trust store in the browser)
Problem Statement : A simple python script that makes a get call to the target site using requests fails with either of the below errors in different situations :
requests.exceptions.SSLError: [Errno 0] _ssl.c:344: error:00000000:lib(0):func(0):reason(0)
or
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) The simple script used (on the python prompt) is :
import requests
res = requests.get('https://my-pre-prod-site.com/login')
**Things already tried **
- I do NOT want to skip the ssl verification. Hence, verify = false is not an option for me.
- I have already used the below with the same error
res = requests.get('https://my-pre-prod-site.com/login', verify = os.path.join(os.getcwd(),'test.pem') where test.pem is a pem file created by concatenating the output of the below commands in that order :
openssl rsa -in ~/Desktop/CertPath/private.key -check
and
openssl x509 -pubkey -noout -in ~/Desktop/CertPath/certificate.pem
The script is run from ~/Desktop/CertPath so getcwd() gives the right path to the certificate.
- I tried another test.pem file as well where the order of concatenation was reversed. It still throws the same error.
- Have tried passing the .pem file holding the public key and the .key file holding the private key, separately (individually) as well, with the same error as the outcome.
Environment details if it helps
OS - ElCapitan Mac
Requests - 2.9.0
Python - 2.7.10
OpenSSL being used by Python - 'OpenSSL 0.9.8zg 14 July 2015'
Note - The openssl version does not seem to be an issue. Because even with an updated version of openssl, the errors are the same - tested on Ubuntu with Python 2.6 that uses the Openssl 1.x
Upvotes: 7
Views: 9200
Answers (2)
Reputation: 321
This question is old but In case someone wonders off here.
You are putting the private key and public key in you test.pem. This is wrong. What verify param requires is certs which it can trust.
res = requests.get('https://my-pre-prod-site.com/login', verify = os.path.join(os.getcwd(),'test.pem')
The test.pem is supposed to contain the list of all the Trusted Certificates. But what you're providing in your test.pem is your public and private key. You're ~/Desktop/CertPath/certificate.pem file itself should go into it.
Try this:
res = requests.get('https://my-pre-prod-site.com/login', verify = '~/Desktop/CertPath/certificate.pem')
Upvotes: 6
Reputation: 11942
In order to specify certificate for SSL verification you can use :
requests.get('https://my-pre-prod-site.com/login', cert=os.path.join(os.getcwd(),'test.pem'))
Upvotes: -1
Related Questions
- How do I disable the security certificate check in Python requests
- Correct way to try/except using Python requests module?
- certificate verify failed: unable to get local issuer certificate
- How can I make git accept a self signed certificate?
- Download large file in python with requests
- Failed to validate self-signed certificate with python-requests
- How to POST JSON data with Python Requests?
- How to authenticate self signed certificate with password using Python requests