Python requests with https - certificate verify failed

Question

I am attempting to estabilish a https connection between 2 applications: 1 is a api in nodejs and the other is a python client application.

After reading about https and certificates i have created a self-signed certificate. To do so i used the following command:

openssl req -newkey rsa:2048 -nodes -keyout pvtkey.pem -x509 -days 365 -out domain.crt

And this to have the public key explicitely:

openssl rsa -in pvtkey.pem -pubout > pubkey.pem

Then on my python code i have the following line to make the request:

response = requests.post(endpoint, cert=("home/pi/se24-title.crt", "/home/pi/pvtkey.pem"), headers=self.headers, json=req_payload)

When i run to test my code i get the following error:

Max retries exceeded with url: /api/title 
(Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

Previously i had also tried to install the crt to the trusted certificates and make the requests like this:

response = requests.post(endpoint, verify=True, headers=self.headers, json=req_payload)

but still have the same result.

What am i doing wrong? Could it be the certificate i have generated?

Answer 1

So i managed to figure out how to do it.

Somehow i must have missed some step along the way but this is how i ended up being able to install the self-signed-certificate:

STEPS:

1. Create a self-signed certificate
    > openssl req -newkey rsa:2048 -nodes -keyout pvtkey.pem -x509 -days 365 -out domain.crt

2. Create the public key from the private key
    > openssl rsa -in pvtkey.pem -pubout > pubkey.pem


3. To install the certificate on raspbian:
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp domain.crt /usr/local/share/ca-certificates/extra/domain.crt
sudo update-ca-certificates

Hope this helps other people with the same issue.