7

My apache ssl conf has the following configs

#   Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

I do not have the CA certificates for this server. Can I still install the localhost.crt into my clients to successfully verify my server?

On the client: I am using Python requests library (2.2.1). The default CA BUNDLE path is used. Even when I add the localhost.crt to the cacert.pem in the default path, I am unable to see the verification go through. I see the exception:

    File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 385, in send
    raise SSLError(e)
SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Am I doing anything wrong? Should I only add the CA who signed the localhost.crt in the server?

Thanks, Vijay

Vijay Shankar Kalyanaraman
  • 917
  • 3
  • 9
  • 16
  • Does this help http://stackoverflow.com/questions/10667960/python-requests-throwing-up-sslerror – Jason S Aug 06 '14 at 01:57
  • Thanks, I tried that, but adding the SSLCertificateFile to the end of /usr/lib/python2.7/site-packages/requests/cacert.pem does not work. Either I am copying to the wrong location or I am copying the wrong cert (signed cert instead of signing CA cert). I suspect the latter. – Vijay Shankar Kalyanaraman Aug 06 '14 at 02:57
  • 1
    What is the URL to the server? Also, please provide the Python code, and not just the Python exception. – jww Aug 06 '14 at 03:19

1 Answers1

5

If you provided code and be more clear on what you're doing then you'd get a good answer.

If you want don't want to get the error even if you use an invalid certificate then try the verify=False attribute.

>>> requests.get('https://kennethreitz.com', verify=False)

If you want to use a custom certificate, then place the certificate in the script folder and use the cert=('/path/client.cert', '/path/client.key') argument.

>>> requests.get('https://kennethreitz.com', cert=('/path/client.cert', '/path/client.key')).

For more info read the docs.python-requests.org/en/master/user/advanced/ site

Wally
  • 432
  • 6
  • 19