Using requests I am trying to access https connection. The basic auth is not working.
I installed
pip install requests[security]
but no luck. Tried download the certificate from following command
openssl s_client -showcerts -connect <host>:<port> </dev/null 2>/dev/null|openssl x509 -outform PEM >mycertfile.pem
and trying following code Getting error:
requests.exceptions.SSLError: bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)
Here is my code
import requests
s = requests.Session()
requests.get(url , verify='/path/to/certfile')
s.verify =cert_path
s.auth = (usr, pwd)
resp = s.get(url).content
Related
I need to call a web API. For that I need a bearer token.
I am using databricks(python) code to first get authenticated over Microsoft AAD. Then get bearer token for my service_user. I Followed the microsoft docs docs
But facing problem where it hits our Company server and asking for SSL certificate.
I can't install any certificate. What could be a better way to avoid it. Below is my short code taken from above microsoft and Git repos. but its not working.
Can i get help!
clientId = "42xx-xx-xx5f"
authority = "https://login.microsoftonline.com/tenant_id/"
app = msal.PublicClientApplication(client_id=clientId, authority=authority)
user = "serviceuser#company.com"
pwd = "password"
scope = "Directory.Read.All"
result = app.acquire_token_by_username_password(scopes=[scope], username=user, password=pwd)
print(result)
Got below error
HTTPSConnectionPool(host='mycompany.com', port=443): Max retries exceeded with url: /adfs/services/trust/mex (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')))
The problem is that the code uses the requests library that relies on the certifi package instead of using Linux certificate chain (so existing instructions doesn't work). To solve that problem it's better to use cluster init script that will install SSL certificate when cluster starts. Something like this (requests and certifi are installed by default), just replace CERT_FILE with actual path to the .pem file with CA certificate:
CERT_FILE="/dbfs/....."
CERTIFI_HOME="$(python -m certifi 2>/dev/null)"
cat $CERT_FILE >> $CERTIFI_HOME
I have a Python script that requests an https URL using the requests package. In so doing, I get a certificate error:
import requests
resp = requests.get('https://comicskingdom.com/', verify=True)
The error I see is:
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)
My system has the certifi package installed, but apparently the target server's certificate cannot be validated using that package's bundle. How can I verify this certificate properly? Where do I look to download the appropriate certificate chain? In the future, how do I know where to find the right certificate chain for any given certificate?
Solution:
requests documentation: https://requests.readthedocs.io/en/master/user/advanced/
(check args and kwargs possibilities (cert=...) in chapter SSL Cert Verification)
but to quickly resolve your issue:
(Firefox) go to your site. Click on the https icon left to the browser url (usually the icon looks like a lock),click on an arrow next to 'connection secure', click more info, click View certificates and scroll down to download Chain certificate. (You can even try here on stackoverflow site)
Then, in your requests.get, add path to the chain file
>>> requests.get('https://comicskingdom.com', verify='{path}/comicskingdom-com-chain.pem')
<Response [200]>
The certificate has some issue, so I will post here what I was able to find
What is problem?
What exactly is a problem can be found through this link or through finding the error
Source: https://security.stackexchange.com/questions/16085/how-to-get-public-key-of-a-secure-webpage
for you to examine the problem, run this command
This command will show you the certificate is ok, but there is issue
openssl s_client -connect comicskingdom.com:443 | openssl x509 -pubkey -noout
which outputs
openssl s_client -connect comicskingdom.com:443 | openssl x509 -pubkey -noout
depth=0 OU = Domain Control Validated, CN = *.comicskingdom.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = *.comicskingdom.com
verify error:num=21:unable to verify the first certificate
verify return:1
Note this part
verify error:num=20:unable to get local issuer certificate
which matches requests error that I received with requests
requests.exceptions.SSLError: HTTPSConnectionPool(host='comicskingdom.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))
I am trying to access Solr using urllib2 as instaructed here: https://lucene.apache.org/solr/guide/7_3/using-python.html using urllib
but running into error raise URLError(err) urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'the_dns-for-lb'
The cert exist in AWS ACM and there is custom auth, can someone guide me how to establish connection?
from urllib.request import urlopen
connection = urlopen('https://dns-for-lb/solr/design').read()
response = eval(connection.read())
tried:
Using urllib gives SSL error
Using urllib gives SSL error
pip install fails with "connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)"
I am attempting to estabilish a https connection between 2 applications: 1 is a api in nodejs and the other is a python client application.
After reading about https and certificates i have created a self-signed certificate.
To do so i used the following command:
openssl req -newkey rsa:2048 -nodes -keyout pvtkey.pem -x509 -days 365 -out domain.crt
And this to have the public key explicitely:
openssl rsa -in pvtkey.pem -pubout > pubkey.pem
Then on my python code i have the following line to make the request:
response = requests.post(endpoint, cert=("home/pi/se24-title.crt", "/home/pi/pvtkey.pem"), headers=self.headers, json=req_payload)
When i run to test my code i get the following error:
Max retries exceeded with url: /api/title
(Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
Previously i had also tried to install the crt to the trusted certificates and make the requests like this:
response = requests.post(endpoint, verify=True, headers=self.headers, json=req_payload)
but still have the same result.
What am i doing wrong?
Could it be the certificate i have generated?
So i managed to figure out how to do it.
Somehow i must have missed some step along the way but this is how i ended up being able to install the self-signed-certificate:
STEPS:
1. Create a self-signed certificate
> openssl req -newkey rsa:2048 -nodes -keyout pvtkey.pem -x509 -days 365 -out domain.crt
2. Create the public key from the private key
> openssl rsa -in pvtkey.pem -pubout > pubkey.pem
3. To install the certificate on raspbian:
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp domain.crt /usr/local/share/ca-certificates/extra/domain.crt
sudo update-ca-certificates
Hope this helps other people with the same issue.
I'm trying to access a website with httplib library but i'm getting this error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
c = httplib.HTTPSConnection('IP', 443)
c.request(method,url);
Because the certificate is self-signed. How can I disable the certificate verification?
Thanks!
How do I have python httplib accept untrusted certs?
httplib.HTTPSConnection(hostname, timeout=5, context=ssl._create_unverified_context())