SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

Question

I am using python 2.7.10

request = urllib2.Request(url, data=urllib.urlencode(params))
f = urllib2.urlopen(request))

cause the following exception:

urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

URL is a website hosted in IIS with our organizations ca sign cert. I have already imported the root cert into windows certificate manager and I am able to open the URL in browser securely without encountering message like "There is a problem with this website’s security certificate."

How do I go about troubleshooting this issue? I do not want to disable the SSL verification

Answer 1

When you access URL through browser, you browser becomes client and server becomes on which Web site is hosted. Now, since you have imported CA certificate for browser, that's why web site is opening without error in browser.

Now, when you open same website from your python script, client becomes your python script and it is not aware of this CA certificate. Python script do not use the Windows Certificate Store, so you will have to specify a CA certificate against which the certificate verification will be done.

So, you have tell explicitly to script regarding CA certificate which can as follow:

urllib2.urlopen("https://dinesh.com", cafile="test_cert.pem")

You can find the documentation here: urllib2.urlopen.

UPDATE

Snippet from the above link:

The optional cafile and capath parameters specify a set of trusted CA certificates for HTTPS requests. cafile should point to a single file containing a bundle of CA certificates, whereas capath should point to a directory of hashed certificate files. More information can be found in ssl.SSLContext.load_verify_locations().