Reputation: 958
SSL handshake error (CERTIFICATE_VERIFY_FAILED) in grpc++
I am unable to change find the SSL certificate that the grpc speech recognition application uses.
I need to change the certificates as I am under a secure network which monitors all the HTTPS traffic and uses a different certificate than default.
While running the above mentioned speech recognition example, I am getting the error as
E0128 15:20:51.191576608 7156 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
I tried to find the location where I can change the SSL certificates and put the certificate provided by the XYZ framework. I have XYZ.pem certificate file which I put in \etc\ssl\certs but nothing changed.
Can someone help me resolve this?
Upvotes: 3
Views: 15388
Answers (2)
Reputation: 46
I also faced a similar problem, as I was using my company's system.
I can tell what resolved it, but not sure will work on your system as well.
First, I was adviced to use rest instead of grpc, which google uses by default. For example,
genai.configure(api_key="GEMINI_API_KEY", transport="rest")
Next, when u do that you will most likely receive a link to an external host in the bunch of error statements. When u go to that site it will show as
page not found
But, don't worry go to
view site information -> Connection is secure -> Certificate is valid
It will open up the dialogue box of your system's VPN, then go to
Details -> Certificate Hierarchy -> Select the top most drop down -> Export -> In format choose certificate chain, instead of single certificate -> Open the downloaded certificate in terminal -> Copy everything from ----Begin Certificate--- to ----End Certificate----
Now, open up your ide, I was using python environment so, go to
myenv -> lib -> Certifi ->
cacert.pemfile -> append the everything you copied at the end of the file
This should resolve the error, or most likely the process will be similar to this.
Upvotes: 0
Reputation: 958
This solved my problem.
Just go to /etc/ssl/certs and find where the ca-bundles.pem is pointing.
Go to the file ca-bundles.pem (for me it was in /var/lib/ca-certificates/ca-bundles.pem) and add your certificate manually by copying it from the .pem file.
save the changes and run your tests. :)
Upvotes: 1
Related Questions
- I have a certificate and a private key on the client and on the server but gRPC secure connetion fails
- Grpc python SSLV3_ALERT_HANDSHAKE_FAILURE
- gRPC client not returning certificate
- grpc/c++ Handshaker factory creation failed with TSI_INVALID_ARGUMENT
- gRPC client failing to connect to server with TLS certificates
- gRPC SSL No subject alternative names present
- Error in grpc with TLS support
- OpenSSL error alert handshake failure
- gRPC + SSL = UnsatisfiedLinkError
- SSL Cannot Make A Handshake