I seem to be unable to upload data into my mongo db hosted on Atlas. I have copied the exact steps posted here: https://www.w3schools.com/python/python_mongodb_insert.asp
import pymongo
import requests
url= "mongodb://jordan:*********#jordandb-shard-00-00-ykcna.mongodb.net:27017,jordandb-shard-00-01-ykcna.mongodb.net:27017,jordandb-shard-00-02-ykcna.mongodb.net:27017/test?ssl=true&replicaSet=JordanDB-shard-0&authSource=admin&retryWrites=true"
client = pymongo.MongoClient(url)
mydb = client.test
mycol = mydb["customers"]
mydict = {"name":"John", "adress":"Highway 37"}
x = mycol.insert_one(mydict)
print(client.list_database_names())
I am receiving a timeout error. Every line works until I get to the insert line (x = ....). I am using PyCharm and Python 3.7. However, I have also tried this on Jupyter and have received the same error:
pymongo.errors.ServerSelectionTimeoutError: jordandb-shard-00-00-ykcna.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056),jordandb-shard-00-01-ykcna.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056),jordandb-shard-00-02-ykcna.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
Here are the steps I am following to get the url
There's a couple of reasons for this.
The most obvious one would be that you're missing the certificate chain.
You can get the chain information from issuing:
openssl s_client -showcerts -servername jordandb-shard-00-00-ykcna.mongodb.net -connect jordandb-shard-00-00-ykcna.mongodb.net:27017 </dev/null
Which will tell you that it's from DigiCert. So either you're missing that certificate chain in your local certificate store (some distros might need you to install a root CA trust). But if you do have root CAs installed, it's time to check the validation times on the cert.
If you add | openssl x509 -noout -dates you'll get the valid dates for this certificate:
openssl s_client -showcerts -servername jordandb-shard-00-00-ykcna.mongodb.net -connect jordandb-shard-00-00-ykcna.mongodb.net:27017 </dev/null | openssl x509 -noout -dates
Which tells you the certificate is from DigiCert.
And the certificate is valid from 7/02-19 00:00 GMT to 11/2-19 12:00 GMT.
Running date in any terminal should hopefully tell you that you're in between these two dates.
In any other case, I would say this is due to a self signed certificate.
In which case you would need to do one of two things:
MongoClient(..., ssl_ca_certs='/path/to/ca.pem')
MongoClient(..., ssl_cert_reqs=ssl.CERT_NONE)
To either supply your custom CA or tell Mongo to ignore certificate validation (the latter being the worst possible option. Even if you say "I won't forget to fix that later", heh).
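The two checks described in this answer (is a CA store available locally, and does the current time fall inside the certificate's validity window), written as an added Python example that is not part of the original answer. The sample `-dates` output is constructed and the function names are hypothetical.

```python
import ssl
import time

# Constructed sample of what `openssl x509 -noout -dates` prints.
SAMPLE_DATES = """notBefore=Jan 15 00:00:00 2019 GMT
notAfter=Jan 20 12:00:00 2020 GMT
"""

def parse_openssl_dates(text):
    """Turn the notBefore=/notAfter= lines into epoch seconds (UTC)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            fields[key] = ssl.cert_time_to_seconds(value.strip())
    if set(fields) != {"notBefore", "notAfter"}:
        raise ValueError("expected both notBefore and notAfter lines")
    return fields["notBefore"], fields["notAfter"]

def validity_status(text, now=None):
    """Classify the local clock against the certificate's validity window."""
    not_before, not_after = parse_openssl_dates(text)
    now = time.time() if now is None else now
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    return "valid"

def default_trust_store_summary():
    """Report where Python looks for root CAs and how many it loaded."""
    paths = ssl.get_default_verify_paths()
    ctx = ssl.create_default_context()
    # Certificates in a capath directory are loaded on demand, so this count
    # covers only those read eagerly (a cafile or the Windows system store).
    return {
        "cafile": paths.cafile,
        "capath": paths.capath,
        "loaded_ca_certs": ctx.cert_store_stats()["x509_ca"],
    }

if __name__ == "__main__":
    print(validity_status(SAMPLE_DATES))
    print(default_trust_store_summary())
```

A `cafile` and `capath` of `None` together with `loaded_ca_certs` of 0 means Python has no root CAs to build the chain from, which produces the "unable to get local issuer certificate" error shown in the question.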
You can use the pymongo default function
connObj = MongoClient(MONGO_HOST, MONGO_PORT)
connObj[MONGO_DB].authenticate(MONGO_UNAME, MONGO_PASSWD)
Related
I have a question regarding an error I have in Python. I am trying to have access to an API via a certificate file. This is the code I implemented:
import base64
import ssl
certificate_file = "s2s-prod.cer"
certificate_secret = "UEbQ67AubZBK"
context = ssl.SSLContext()
context.load_cert_chain(certfile=certificate_file, password=certificate_secret)
When I try to run the code, I have this error: SSLError: [SSL] PEM lib (_ssl.c:4045). I decided to check the file _ssl.c on line 4045 to see what is this error.
    if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) {
        if (PyErr_ExceptionMatches(PyExc_TypeError)) {
            PyErr_SetString(PyExc_TypeError,
                            "capath should be a valid filesystem path");
        }
        goto error;
    }
Also, I checked the certificate file and the password is correct so I don't understand why I am getting this error.
Can someone explain to me what this error means? Is it because the certificate I was given is not working or is it because I did something wrong in the code? I tested with another certificate and it is working so I was wondering what kind of input I should put in certfile.
Thank you in advance and let me know if you need more explanation (I tried to put as much information as I could).
Ok, I found the solution:
I re-ran the certificate using an OpenSSL Command Prompt with the following command:
openssl pkcs12 -in clear-s2s-prod.pfx -out cfsb-prod.cer -nodes
Trying to validate my certificate and getting the following error: failed to open CA file: No such process
when I run in Python
print(ssl.get_default_verify_paths())
Result: cafile: None, capath: None
SSL_CERT_FILE and SSL_CERT_DIR are shown, but how do I create a CA certificate containing this information in Windows?
I set up a Mosquitto broker on a Raspberry Pi and created a self-signed TLS server certificate with OpenSSL. The configuration works, as I can connect successfully with the Mosquitto client from the terminal, as well as from MQTTBox and MQTT.fx.
However when trying to connect with Python and Paho-MQTT following error
import paho.mqtt.client as mqtt
# SETTINGS & CONSTANTS
(...)
TLS_CA = "./tls/mqtt.crt"
# MQTT CALLBACKS
(...)
# INIT & CONNECT CLIENT
client = mqtt.Client(DEVICE_ID)
(...)
client.tls_set(TLS_CA)
client.username_pw_set(MQTT_USER, MQTT_PSWD)
client.connect(MQTT_HOST, MQTT_PORT, MQTT_KEEPALIVE)
I get the following error:
File "/usr/lib/python3.4/ssl.py", line 804, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)
I've tried many things:
1) Insert self-signed certificate into Raspbian ca-certificates
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp mqtt.crt /usr/local/share/ca-certificates/extra/mqtt.crt
sudo update-ca-certificates
2) Play with Paho's tls_set() options. I think ca_certs=mqtt.crt and tls_version=ssl.PROTOCOL_TLSv1 should be enough.
3) Use tls_insecure_set(True). I know this is not a valid solution, but I just wanted to see if something happens. The result is still a CERTIFICATE_VERIFY_FAILED error
4) Use Python 2.7.9 and Python 3.4.2
I've actually run out of ideas
After long time trying and reading everywhere I realized the problem was caused by self-signed certificates. I generated new certificates with different Common Names for CA and broker and everything seems to work fine.
I'm using Windows 10 OS.
I want to count the number of IP addresses of AWS.
I use Python 2.7.14 and boto 2.6.0
I added a file named boto.config, located in the C:\Users\Administrator folder
The content of the boto.config is:
[Credentials]
aws_access_key_id=******
aws_secret_access_key=*****
The script is :
#!/usr/bin/env python
# -*- encoding: utf8 -*-
import boto.ec2
from pprint import pprint
import ssh
import requests
import urllib3
import certifi
import ssl
conn = boto.ec2.connect_to_region('cn-north-1')
reservations = conn.get_all_instances()
InstanceMap=[]
for reservation in reservations:
    for instance in reservation.instances:
        if 'env' in instance.tags and instance.tags['env'] == 'test':
            InstanceMap.append(instance.ip_address)

f = open('F:\ip.txt','w')
pprint(InstanceMap, f)
When I run this script, it shows the error information:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
How can I solve this problem?
I was having the same issue with boto3 and Python 3.7 on a Windows 10 machine. As it turned out, since I was using a corporate device with a Proxy installed, the *.amazonaws.com certificate was getting replaced by the Proxy certificate. This Proxy certificate chain needed to be trusted by the Python certifi module. Whether or not you have a proxy, the method below should resolve the SSL: CERTIFICATE_VERIFY_FAILED error.
Here is what I did, to resolve the issue -
Find the path where cacert.pem is located -
Install certifi, if you don't have it. Command: pip install certifi
import certifi
certifi.where()
C:\\Users\\[UserID]\\AppData\\Local\\Programs\\Python\\Python37-32\\lib\\site-packages\\certifi\\cacert.pem
Set AWS_CA_BUNDLE environment variable to the cacert.pem path -
AWS_CA_BUNDLE=C:\Users\[UserID]\AppData\Local\Programs\Python\Python37-32\Lib\site-packages\certifi\cacert.pem
Download the chain of certificates from amazonaws.com URL. For example: Go to https://sts.amazonaws.com/xyz on a browser and export Root, all the intermediate certificates, domain cert and save as base64 encoded .cer file. Open the certificates in notepad, copy all the contents.
Now open the cacert.pem in a notepad and just add every downloaded certificate contents (---Begin Certificate--- *** ---End Certificate---) at the end.
Restart the command line prompt or PowerShell, SSL verification error should be resolved.
Do not use is_secure = False in your organization's environments. This is essentially disabling SSL verification.
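The append step from this answer, written as an added Python example that is not part of the original post: it merges the exported proxy chain into the certifi bundle text, rejects a damaged paste, and drops duplicates. The sample blocks are constructed placeholders (valid PEM framing, not real certificates) and the function names are hypothetical.

```python
import base64
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_bodies(text):
    """Base64 body of every certificate block, whitespace and CRLF removed."""
    bodies = []
    for match in PEM_BLOCK.finditer(text):
        body = "".join(match.group(1).split())
        base64.b64decode(body, validate=True)  # raises on a damaged paste
        bodies.append(body)
    return bodies

def merge_bundles(base_pem, extra_pem):
    """Append the certificates in extra_pem to base_pem, skipping duplicates."""
    seen, blocks = set(), []
    for body in pem_bodies(base_pem) + pem_bodies(extra_pem):
        if body not in seen:
            seen.add(body)
            wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
            blocks.append("-----BEGIN CERTIFICATE-----\n" + wrapped
                          + "\n-----END CERTIFICATE-----\n")
    return "".join(blocks)

def loadable_ca_count(bundle_path):
    """Load a real bundle the way a TLS client would and count its CA certs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=bundle_path)
    return ctx.cert_store_stats()["x509_ca"]

def _constructed_block(label, newline="\n"):
    # Constructed placeholder: correct PEM framing, but not a real certificate.
    body = base64.b64encode(label.encode() * 8).decode()
    return newline.join(["-----BEGIN CERTIFICATE-----", body,
                         "-----END CERTIFICATE-----", ""])

SAMPLE_CERTIFI = _constructed_block("root-a") + _constructed_block("root-b")
# Proxy export saved from Notepad: CRLF endings, one entry already in the base.
SAMPLE_PROXY = (_constructed_block("root-b", "\r\n")
                + _constructed_block("proxy-ca", "\r\n"))

if __name__ == "__main__":
    merged = merge_bundles(SAMPLE_CERTIFI, SAMPLE_PROXY)
    print(len(pem_bodies(merged)), "certificates in merged bundle")
```

Writing the merged text to a separate file and pointing AWS_CA_BUNDLE at it keeps the addition across certifi upgrades, which replace cacert.pem. Run `loadable_ca_count` on the real file afterwards to confirm OpenSSL accepts every block.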
Try adding is_secure = False like below, in order to skip ssl verification,
conn = boto.ec2.connect_to_region('cn-north-1',is_secure=False)
Try providing the credentials as so, that way you would know if the keys in boto config are old if this works, and if this returns the same issue then you need to check your api-key and secret on aws.
API_KEY = 'Actual API_KEY'
API_SECRET = 'Actual Secret'
conn = boto.ec2.connect_to_region('us-east-2',aws_access_key_id=API_KEY,aws_secret_access_key=API_SECRET,is_secure=False)
I'm trying to make a RESTful call in Python (2.7) to a tomcat server and it must be done using SSL with client certificate.
The following line is how the call to tomcat is done:
result = requests.get(url, headers=headers, verify=settings.SLA_CA_SERVER_CERTIFICATE, cert=(settings.SLA_CLIENT_CERTIFICATE_PUBLIC, settings.SLA_CLIENT_CERTIFICATE_PRIVATE), **kwargs)
I got the following error:
[Errno 336265225] _ssl.c:355: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib ()
I've tried using in the cert variable .pem files and .key and .crt files and had no luck. The private key hasn't a password. Any clue why I'm having this error?
Thank you very much
I was creating the public certificate and private key from .p12 file using openssl in windows.
I created them using openssl from Linux (Ubuntu) and it worked.
Just informative, the commands used to create the keys were
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes