0

I want to connect to a SOAP API that does not have WSDL in Python. To connect I need to a add a SSL certificate and authenticate afterwards.

from pysimplesoap.client import SoapClient, SimpleXMLElement

cacert = open(path, 'rb').read()  # read the certificate
header = SimpleXMLElement('<Header/>')
credentials = header.add_child('Credentials')
credentials.marshall('Password', 'password')
credentials.marshall('Username', 'username')

client = SoapClient(
    location="https://mytest.com/Services/",
    cacert=cacert)
client['Header'] = header

client.action = "https://mytest.com/Services/Action1"

client.Action1()  # gives SSL error

The result I receive is a SSL error:

SSLHandshakeError: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Can anyone, please, tell me how to solve this issue? Or can you advise any other library I can use. Most SOAP libraries I found offer connection only to WSDL.

Irene Texas
  • 1,731
  • 2
  • 12
  • 8
  • Like this: http://stackoverflow.com/a/6532645/3929826 ? – Klaus D. Jul 10 '15 at 14:13
  • But looking at your error message: This is more an SSL issue. There seems to be a problem with the SSL context. The CA certificates are not defined or the servers certificate is not valid in the context (self signed certificate?). – Klaus D. Jul 10 '15 at 14:16
  • I received a certificate and was able to add it to Chrome browser. Therefore, I could access the url I have (or course I got a forbidden message as I had not used my credentials). I look into your suggestion. Thank you! – Irene Texas Jul 10 '15 at 14:21
  • The certificate file you provided in the code, is that the client certificate for authentication or the CA certificate to validate the server certificate against? – Klaus D. Jul 10 '15 at 14:38
  • I have a pfx file from which I could get a certificate file (which I think is the CA certificate) and a key file. – Irene Texas Jul 10 '15 at 14:51

1 Answers1

0

Usually in a pfx file there is the client certificate with key, not the CA file. The libraries seems to expect the client certificate as PEM. You should extract the certificate and the key as show in https://stackoverflow.com/a/9516936/3929826.

Then hand it in to the SoapClient() initiation as cert and key_file argument:

client = SoapClient(location="https://mytest.com/Services/",
                    cert='mycert.pem',
                    key_file='mycert.key)

It should also be possible to put both into the cert file.

If that still does not work your have to add the CA certificate as the cacert parameter after you retrieved it as described in https://stackoverflow.com/a/7886248/3929826 .

For further reference see the source code of simplesoap: https://code.google.com/p/pysimplesoap/source/browse/pysimplesoap/client.py#75 .

Community
  • 1
  • 1
Klaus D.
  • 13,874
  • 5
  • 41
  • 48