7

I have a problem with exchangelib. Here is my code:

```python
from exchangelib import DELEGATE, Account, Configuration, Credentials

creds = Credentials(
    username="domain_name\\username",
    password="password",
)

config = Configuration(server="mail.solutec.fr", credentials=creds)

account = Account(
    primary_smtp_address="surname.name@lab-solutec.fr",
    autodiscover=False,
    config=config,
    access_type=DELEGATE,
)
```

Here is the error I get:

```
SSLError: HTTPSConnectionPool(host='mail.solutec.fr', port=443): Max retries exceeded with url: /EWS/Exchange.asmx (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
```

I can make it work by adding this:

```python
from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter

# Turns off TLS certificate verification for every exchangelib connection
BaseProtocol.HTTP_ADAPTER_CLS = NoVerifyHTTPAdapter
```

But it's just bypassing the security, so it's not what we want. If I use a shared connection from my phone there is no error, so it looks like there is a problem with my enterprise proxy. I saw things about transport adapters but didn't really understand how to make it work.

So, how can I make it work nicely without this bypassing solution?

Thank you!

Elweiss
  • 1
    Does a simple request to the mail server succeed? `import requests; requests.get('https://mail.solutec.fr')` If not, then the problem is with your local root certificate setup, not exchangelib itself. – Erik Cederstrand Oct 18 '17 at 07:12
  • No it doesn't. I have the certificate but don't know where to put it. – Elweiss Oct 19 '17 at 15:00
  • 2
    `requests` gives you two options. 1) Use the `REQUESTS_CA_BUNDLE` environment variable (http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification), and 2) use the options available in the `certifi` package (http://docs.python-requests.org/en/master/user/advanced/#ca-certificates) – Erik Cederstrand Oct 20 '17 at 06:36
  • 1
    Maybe it's a bit late, but I had the same issue and solved it: [Follow LINK](https://stackoverflow.com/questions/51262568/ssl-certificate-verify-failed-when-connecting-to-a-company-exchange-server) – Erik Steiner Jul 12 '18 at 11:11

1 Answer

0

Use the code for "Proxies and custom TLS validation"

https://pypi.org/project/exchangelib/

I did this and used my internal PKI team's CA bundle (which housed the CA that signed the server's cert).

Now you're secured and are overriding the OS's cert store (which does not have the firm's CA bundle in my case).

jouell
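The custom TLS validation approach this answer points to, as an added example that is not part of the original answer or exchangelib's own code: a `requests` adapter plugged into the same `BaseProtocol.HTTP_ADAPTER_CLS` hook the question uses, but validating against an internal CA bundle instead of disabling verification. The bundle path and the names `CA_BUNDLES`, `ca_bundle_for` and `install_adapter` are assumptions made for illustration.

```python
from urllib.parse import urlparse

import requests.adapters

# Assumption: placeholder path to the PEM bundle holding the internal CA chain
# that signed the Exchange server's certificate (not a path from the post).
CA_BUNDLES = {
    "mail.solutec.fr": "/etc/ssl/corp/internal-ca-bundle.pem",
}


def ca_bundle_for(url):
    """Return the CA bundle pinned for this URL's host, failing closed."""
    parts = urlparse(url)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-TLS URL: {url}")
    host = parts.hostname or ""
    if host not in CA_BUNDLES:
        # Unknown hosts are an error; there is no fallback to verify=False.
        raise ValueError(f"no CA bundle configured for host {host!r}")
    return CA_BUNDLES[host]


class RootCAAdapter(requests.adapters.HTTPAdapter):
    """HTTP adapter that validates the server against the internal CA bundle."""

    def cert_verify(self, conn, url, verify, cert):
        # The caller's `verify` value is ignored so verification cannot be
        # switched off; requests raises OSError if the bundle file is missing.
        super().cert_verify(conn=conn, url=url, verify=ca_bundle_for(url), cert=cert)


def install_adapter():
    """Make exchangelib use RootCAAdapter for every EWS connection."""
    from exchangelib.protocol import BaseProtocol  # imported lazily

    BaseProtocol.HTTP_ADAPTER_CLS = RootCAAdapter
```

Call `install_adapter()` once before creating the `Configuration` and `Account` objects, and remove the `NoVerifyHTTPAdapter` assignment.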