Reputation: 131
SSL validation failed for https://s3.zoneame.amazonaws.com/ [SSL: CERTIFICATE_ VERIFY_FAILED] certificate verify failed (_ssl.c:749)
When I run the command aws s3 ls I'm getting this error:
SSL validation failed for https://s3.zonename.amazonaws.com/ [SSL: CERTIFICATE_
VERIFY_FAILED] certificate verify failed (_ssl.c:749)
It work's fine with --no-verify-ssl
How can I make it work with ssl verficication?
aws s3 ls --debug
log below:
Traceback (most recent call last):
File "C:\Program Files\Amazon\AWSCLI\runtime\lib\site-packages\urllib3\connect
ionpool.py", line 594, in urlopen
self._prepare_proxy(conn)
File "C:\Program Files\Amazon\AWSCLI\runtime\lib\site-packages\urllib3\connect
ionpool.py", line 805, in _prepare_proxy
conn.connect()
File "C:\Program Files\Amazon\AWSCLI\runtime\lib\site-packages\urllib3\connect
ion.py", line 344, in connect
ssl_context=context)
File "C:\Program Files\Amazon\AWSCLI\runtime\lib\site-packages\urllib3\util\ss
l_.py", line 344, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "ssl.py", line 401, in wrap_socket
File "ssl.py", line 808, in __init__
File "ssl.py", line 1061, in do_handshake
File "ssl.py", line 683, in do_handshake
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c
:749)
Upvotes: 9
Views: 44376
Answers (4)
Reputation: 187
Update proxy settings solve my problem in windows system.
Steps for window 10:
In the search bar located on the left-hand side of your taskbar, next to the Windows
From the search results listed, click on the one that matches what you're looking for like in our case "Proxy settings".
Click on Proxy (left side bottom)
Add *.aws.amazon.com;
Now run AWS cli command in CMD
Upvotes: 1
Reputation: 147
$ export AWS_CA_BUNDLE="C:\Program Files\Amazon\AWSCLIV2\botocore/cacert.pem"
This will work !! Enjoy
Upvotes: 1
Reputation: 2309
I was using the S3 docker tools and I encountered this same issue.
Adding --network=host to the docker command fixed it for me.
Upvotes: 0
Reputation: 9526
The issue here is not using proxy per se (AWS CLI allows this by setting e.g. HTTPS_PROXY environment variable) but the AWS CLI client not trusting proxy's certificate. Proxy's certificate might be self-signed, with your company set as CA (Certification Authority). AWS CLI client cannot find your company's CA root certificate in the local system's CA registry so it can't verify proxy's certificate and issues the CERTIFICATE_VERIFY_FAILED error.
To fix this we can pass company's root certificate (e.g. company-root-ca.pem) to AWS CLI client via --ca-bundle command parameter (or via AWS_CA_BUNDLE environment variable or config file):
$ export HTTPS_PROXY=<host>:<port>
$ aws s3 ls --ca-bundle /path/to/company-root-ca.pem
Upvotes: 4
Related Questions
- SSL CERTIFICATE_VERIFY_FAILED in aws cli
- ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)
- Boto [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed while connecting to S3
- ValueError: Invalid endpoint: https://s3..amazonaws.com
- Getting "SSL_connect returned=1 errno=0 state=error: certificate verify failed" when connecting to S3
- SSL error - certificate verify failed - AWS IOT (basicPubSub.py)
- Error: AWS CLI SSH Certificate Verify Failed _ssl.c:581
- HTTPSConnectionPool(host='s3-us-west-1b.amazonaws.com', port=443): Max retries exceeded with url
- aws cli works perfectly but Python script gets CERTIFICATE_VERIFY_FAILED
- Python : TLS/SSL connection has been closed