Bear with me here guys, I am using Flask and I have two different API services running on different IPs and ports on Ubuntu 20.04.3 LTS. All I want to do is send a POST or GET request from one to another using an SSL connection.
I am able to create cert and key files using the "sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/name_of_key.key -out /etc/ssl/name_of_crt.crt" command, and I also added these files here /etc/nginx/sites-enabled/myapi.service in order to have an SSL connection.
My NGINX file is given below:
server {
    listen 60000 ssl;
    ssl_certificate /etc/ssl/name_of_cert.crt;
    ssl_certificate_key /etc/ssl/name_of_key.key;
    server_name IP_ADDRESS;
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/first_api/first_api.sock;
    }
}
The problem occurs when I try to send a POST request from one API to another. My code for first API is given below:
from flask import Flask, jsonify
import requests

app = Flask(__name__)

@app.route('/sample_api_one', methods=['POST', 'GET'])
def service():
    data = {}
    data["message"] = "first message has arrived"
    # verify= names the CA bundle / certificate used to validate the second API's server certificate
    response = requests.post('https://SECOND_API_IP_ADDRESS:57949/second_api', json=data, verify="/etc/ssl/name_of_crt.crt")
    return jsonify(response.json())
I know that I can send my request by changing to "verify=False" but that's not the thing I want.
I would like to send my request using an SSL connection. I have tried almost everything here but am still not able to do it.
Lastly, here is my error code when I try to run my app and send a request:
File "/home/venv_first_api/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='SECOND_API_IP_ADDRESS', port=57949): Max retries exceeded with url: /second_api (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))
Related
I have created an .exe file with the help of pyinstaller module, the problem resides when I perform a request to an endpoint via the .exe using https proxies which throws me an error:
requests.exceptions.ProxyError: HTTPSConnectionPool(host='www.lustmexico.com', port=443): Max retries exceeded with url: /products.json (Caused by ProxyError('Cannot connect to proxy.', timeout('_ssl.c:1059: The handshake operation timed out')))
But instead, when I execute the request via my main.py file (e.g. the main entry point of the program, using python files, not .exe converted yet) no error happens
Here's how my proxies are configured:
def get_proxies():  # function name assumed; the post shows only the body
    ip = "IP OF MY PROXY"
    proxies = {
        "https": 'https://' + ip,
        "http": 'http://' + ip
    }
    return proxies
And the way I perform the request is:
r = requests.get(self.link + "/products.json", proxies=proxies, headers=headers, timeout=timeout)
At first I guessed it was the timeout, but it's too high now and I have tested and it is not, for sure, the main cause of the error.
After doing my long research I found that there was an error on my https proxies or SSL installed in my machine, but I am not really sure about that, and I still don't understand the problem. Please help.
I'm trying to send a GET request to a host with (supposedly) correct certificates.
It's a university task, and they gave me these certificates. (which are only valid for 30 seconds)
But the code below gives me the error that certificate verify failed: self signed certificate
The package I got from the host in response says that Fatal Error: Unknown CA.
What could cause the issue? Thanks!
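import http.client
import ssl

# The client certificate is loaded into this context,
# but the context is not passed to the connection below.
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.load_cert_chain('clientcert.pem', keyfile='clientkey.pem')
connection = http.client.HTTPSConnection(IP)
connection.request("GET", "/")
response = connection.getresponse()
print("response:", response)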
The error message seems to be self-explanatory. Self-signed SSL certificates always cause security warnings/errors. You will either need to add your self-signed SSL as an exception or add the self-signed CA to OS trusted certificates pool.
You may also try using something identical to --insecure option in curl.
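What "add the self-signed certificate to the trusted pool" means for the client, as an added example that is not part of any post on this page: it generates two throwaway self-signed certificates with the `openssl` CLI, serves one on loopback, and handshakes with three trust settings. It uses the standard `ssl` module instead of `requests`; `cafile=` here plays the role of the path given to `verify=`, and the names `served` and `other` are constructed for the demo.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(directory, name):
    """Throwaway self-signed cert with SAN IP:127.0.0.1 (needs OpenSSL >= 1.1.1)."""
    crt, key = (os.path.join(directory, name + ext) for ext in (".crt", ".key"))
    subprocess.run(
        ["openssl", "req", "-x509", "-nodes", "-days", "1", "-newkey", "rsa:2048",
         "-keyout", key, "-out", crt, "-subj", "/CN=" + name,
         "-addext", "subjectAltName=IP:127.0.0.1"], check=True, capture_output=True)
    return crt, key

def serve(listener, server_ctx):
    """Run one TLS handshake per incoming connection until the listener is closed."""
    while True:
        try:
            conn, _ = listener.accept()
        except OSError:
            return  # listener closed
        try:
            server_ctx.wrap_socket(conn, server_side=True).close()
        except OSError:
            pass  # handshake failed, e.g. the client rejected our certificate

def try_connect(port, ctx):
    """Return 'ok', or OpenSSL's verification message if the server cert is rejected."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname="127.0.0.1"):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message

def demo():
    """Handshake against one server using three different client trust settings."""
    with tempfile.TemporaryDirectory() as tmp:
        served_crt, served_key = make_self_signed(tmp, "served")
        other_crt, _ = make_self_signed(tmp, "other")  # a cert the server does NOT use
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(served_crt, served_key)
        with socket.create_server(("127.0.0.1", 0)) as listener:
            port = listener.getsockname()[1]
            threading.Thread(target=serve, args=(listener, server_ctx), daemon=True).start()
            return {
                "system_store": try_connect(port, ssl.create_default_context()),
                "wrong_cert": try_connect(port, ssl.create_default_context(cafile=other_crt)),
                "served_cert": try_connect(port, ssl.create_default_context(cafile=served_crt)),
            }

if __name__ == "__main__":
    print(demo())
```

Pinning a self-signed certificate other than the one the server actually presents fails with the same "self signed certificate" message as having no pin at all, so the file given to the client must be the certificate configured on the server being called.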
Currently working on using zeep for a client binding to an application that we do not control (so we cannot change its behavior).
Unfortunately for me, the WSDL is hosted on a https:// page, while the binding itself ONLY supports HTTP, so I cannot simply change the binding address to HTTPS to make this work.
When first creating the zeep client object I am assuming this is then a python requests prepared request, which now is forced to only accept SSL.
Question: Is there a way to tell zeep or python requests that the next response won't be HTTPS?
Example:
from requests import Session
from zeep import Client
from zeep.transports import Transport
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
session = Session()
session.verify = False
transport = Transport(session=session)
client = Client('https://example.local:8443/www/core-service/services/LoginService?wsdl', transport=transport)
with client.settings(raw_response=True):
    print(client.service.login('0', 'user', 'password'))
This would return this error because the next call is towards an http address:
requests.exceptions.SSLError: HTTPSConnectionPool(host='localhost', port=9090): Max retries exceeded with url: /core-service/services/LoginService (Caused by SSLError(SSLError(1, '[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:877)'),))
You can set the "force_https" property to false in order to avoid the https forcing.
https://python-zeep.readthedocs.io/en/master/settings.html#settings
I am trying to connect to the Visa Direct API, but I am not passing the basic SSL certificate authentication, here is my code:
import json
import requests

headers = { 'Content-Type' : 'Application/json' }
url = 'https://sandbox.visa.com/rsrv_vpp/v1/acnl'
payload = {"SystemsTraceAuditNumber":565690,
           "RetrievalReferenceNumber":"505012455690",
           "AcquiringBin":409999,
           "AcquirerCountryCode":"840",
           "PrimaryAccountNumber":"4895070000008881"}
# cert= supplies the client certificate; auth= is the API user and password
r = requests.post(url, data=json.dumps(payload),
                  cert =('/etc/ssl/certs/sandbox_cert.pem'), headers=headers,
                  auth=('370df57a-a8aa-4446-a23e-44a0ef06ea09',
                        '6023e518-c36c-47a8-b16e-c8a5b3a941ef'))
As you can see I am using request and passing the cert argument along with the API user and password info but I keep getting the error:
requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I get a SSL error when I try to open https://sandbox.visa.com/rsrv_vpp/v1/acnl in Google Chrome.
The Visa Docs say
SSL Server Authentication
The SSL server certificate installed on sandbox.visa.com servers is a
Visa issued self-signed certificate. Client applications need to add
the sandbox.visa.com SSL certificate to their local trust store to
prevent SSL Handshake errors at runtime.
Ensure that your application that connects to the Visa Direct API is
configured (or built) to use the trusted certificate store as a trust
store, and not a key store.
Verify that the application is configured to use the right password
associated with the trust store file.
It looks like you need to do some SSL Authentication before you can connect to Visa.
My apache ssl conf has the following configs
# Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
I do not have the CA certificates for this server. Can I still install the localhost.crt into my clients to successfully verify my server?
On the client:
I am using Python requests library (2.2.1). The default CA BUNDLE path is used. Even when I add the localhost.crt to the cacert.pem in the default path, I am unable to see the verification go through. I see the exception:
File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 385, in send
raise SSLError(e)
SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Am I doing anything wrong? Should I only add the CA who signed the localhost.crt in the server?
Thanks,
Vijay
If you provided code and were more clear on what you're doing then you'd get a good answer.
If you don't want to get the error even if you use an invalid certificate then try the verify=False attribute.
>>> requests.get('https://kennethreitz.com', verify=False)
If you want to use a custom certificate, then place the certificate in the script folder and use the cert=('/path/client.cert', '/path/client.key') argument.
>>> requests.get('https://kennethreitz.com', cert=('/path/client.cert', '/path/client.key'))
For more info read the docs.python-requests.org/en/master/user/advanced/ site