CODEWITHSUNDEEP
pythonnginxsslssl-certificate
Constantin
Constantin

Reputation: 915

Python requests: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate

I trying to terminate SSL on NGINX by passing the upstream server as a proxy. The working environment is on localhost.

I have tried by all means to suppress the error, but it won't

NGINX Config

stream {
    upstream stream_backend {
         server localhost:5011;
         
    }
    server {
        listen 80;
        listen 443 ssl;
        proxy_pass            stream_backend;
        ssl_certificate      /etc/ssl/certs/proxypool.crt;
        ssl_certificate_key  /etc/ssl/private/proxypool.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_session_timeout 4h;
        ssl_session_cache shared:SSL:20m;
    }
}

The way I'm generating the certificate

sudo openssl req -x509 -nodes -days 9999 -newkey rsa:2048 \
    -keyout /etc/ssl/private/proxypool.key \
    -out /etc/ssl/certs/proxypool.crt

*With empty answer to all prompts

The way I'm performing the request

proxies = {
    'http': 'http://localhost',
    'https': 'https://localhost'
}

response = requests.post(
    'https://api.ipify.org?format=json',
    proxies=proxies,
    verify="/etc/ssl/certs/proxypool.pem"
)

The error

requests.exceptions.SSLError: HTTPSConnectionPool(host='api.ipify.org', port=443): Max retries exceeded with url: /?format=json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))

Things I tried with no success

Upvotes: 0

Views: 3332

Answers (1)

Vitaly
Vitaly

Reputation: 81

Add your self signed certificates to Python certs bundle, check where it is located by:

>>> import certifi
>>> certifi.where()
'/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site- 
packages/certifi/cacert.pem'

and add your certificates to the end of that file.

Upvotes: 1

Related Questions