CODEWITHSUNDEEP
sslpython-requestspython-3.8pfx
Bruno Penha
Bruno Penha

Reputation: 77

Python Requests SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED - tlsv13 alert certificate required

I am trying to create an HTTPS connection with a secured host and, even if I have the pem certificate (I have imported it from jks keystore file), I'm still receiving this error.

[SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert certificate required

So, this is the request:

import requests
r = requests.patch("https://selfsigned_host:8080/myapp/v1/service/id/123", json={'another_field':'987654321'},verify='C:\\my_selfsigned_host.pem')

I have solved this by doing this solution from this Gist:

import contextlib
import OpenSSL.crypto
import os
import requests
import ssl
import tempfile
import urllib3.contrib.pyopenssl

@contextlib.contextmanager
def pfx_to_pem(pfx_path, pfx_password):
    ''' Decrypts the .pfx file to be used with requests. '''
    with tempfile.NamedTemporaryFile(suffix='.pem',delete=False) as t_pem:
        f_pem = open(t_pem.name, 'wb')
        pfx = open(pfx_path, 'rb').read()
        p12 = OpenSSL.crypto.load_pkcs12(pfx, pfx_password)
        f_pem.write(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()))
        f_pem.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, p12.get_certificate()))
        ca = p12.get_ca_certificates()
        if ca is not None:
            for cert in ca:
                f_pem.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))
        f_pem.close()
        yield t_pem.name

And I cloud reuse my pfx cert to make my request:

with pfx_to_pem('C:\\my_cert.pfx', 'my_pass') as cert:
     r = requests.patch(url,json=body,cert=cert, verify=False, headers=headers)

It works perfectly as I expect, but does anyone want to improve this solution?

Upvotes: 4

Views: 14319

Answers (1)

Steffen Ullrich
Steffen Ullrich

Reputation: 123250

[SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert certificate required

The server requires a client certificate and you did not provide one. Certificate and the matching private key have to be provided with the cert parameter - see Client Side Certificates in the documentation.

Upvotes: 4

Related Questions