0

I recently upgraded to python 2.7.9, and I'm experiencing all sorts of SSL errors:

.SSL verification error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

I paid for an SSL certificate, how do I set it up so that python stops complaining. I received a .crt file, how do I convert that to a .pem? Also, is there any way to fix this globally, such that I don't have to go and change all my all code?

Thanks!

FYI, when I type this: conda install python=2.7.7, I get these errors:

Fetching package metadata: SSL verification error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
SSL verification error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
.SSL verification error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
SSL verification error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

so this has nothing to do with any specific URLs, it's a configuration issue, and my question is how do I tell python where to look for my .crt files.

vgoklani
  • 10,685
  • 16
  • 63
  • 101
  • What server, what OS, what code? – metatoaster Sep 17 '15 at 23:17
  • running on Ubuntu 14, all of my code that makes outgoing requests to https URLs now fail. – vgoklani Sep 17 '15 at 23:18
  • Which https urls, just the one on your server or ALL https urls? Please update your question with all the details. – metatoaster Sep 17 '15 at 23:20
  • 1
    It could be a duplicate of [“SSL: CERTIFICATE_VERIFY_FAILED” Error](http://stackoverflow.com/questions/27835619/ssl-certificate-verify-failed-error) – metatoaster Sep 17 '15 at 23:22
  • it's not a duplicate because I want to solve the problem, I'm not looking for a work-around. There is no actual solution posted in that link, just a hack. How do I tell python that my .crt file is located at pathX, so this problem is solved. That's the question! – vgoklani Sep 17 '15 at 23:35
  • You need the .crt installed on the server, your python application need to use the .pem supplied by your registrar, if you can't read past the first answer which would have pointed you to [this link](http://stackoverflow.com/q/27804710/2904896) and code (`urllib2.urlopen(req, cafile="verisign.pem")`) – metatoaster Sep 17 '15 at 23:39
  • is there any way to define it globally, I can't possibly rewrite all my functions to include "cafile="verisign.pem"" – vgoklani Sep 17 '15 at 23:42
  • This then becomes a system administration issue, see: [What should I do about Python 2.7.9 not looking for SSL certificates in the right place on FreeBSD?](http://unix.stackexchange.com/questions/176294/what-should-i-do-about-python-2-7-9-not-looking-for-ssl-certificates-in-the-righ) for the solution to similar problem (`ssl.get_default_verify_paths()`) – metatoaster Sep 17 '15 at 23:48
  • (updated) I would like to see a proper solution as well and not a workaround. Would be great to have a store to put known certificates like when using ssh for known certificates. – Timothy C. Quinn Nov 21 '15 at 20:14

0 Answers0