
I'm new to Python and have been struggling with this for hours now, so I thought perhaps someone within the community would be able to help.

I have a self signed certificate from a 3rd party enterprise who is not a valid CA which is fine.

I've created a .p12 and I'm SUCCESSFULLY able to connect to said 3rd party's HTTP server using C# and .net (great).

Using the same .p12, I'm able to create a keystore, import the key, and successfully connect to the 3rd party's HTTP server using Java HttpsURLConnection (also great).

Unfortunately, it is not trivial at all to do this in Python!

Someone has pointed to this post here: generating cert for use with python requests getting PEM lib error

But the answer on this question DOES NOT explain or help why Python is different at all. In C# and Java, I don't need the ca-certificates.crt and I'm not sure how or what the process is of how to create it for Python from a .p12. And I'm certain that I would still need to pass the crt.pem and key.pem which the answer does not use at all, which as I understand is specific to Python (as both C# and Java can use the .p12 intrinsically without any hacking).

As such I have followed these instructions from IBM to split the .p12 into a key.pem and a cert.pem https://www.ibm.com/support/knowledgecenter/en/SSZRJV_10.1.0/admin_guide/pac_x509_web_services_python_convert.html

I have tried the following Python http libraries to try to make the connection (as imports below):

  • import requests
  • import http.client.HTTPSConnection
  • import httplib2

Code snippet using requests

```python
import requests

# url is the third party's HTTPS endpoint (not shown in the post)
r = requests.get(url, cert=('crt.pem', 'key_nopass.pem'))
print(r.text)
```

Code snippet using httplib2 (and from IBM example) https://www.ibm.com/support/knowledgecenter/SSZRJV_10.1.0/admin_guide/pac_x509_web_services_test.html

```python
import httplib2

# url is the third party's HTTPS endpoint (not shown in the post)
http = httplib2.Http()
http.add_certificate('key_nopass.pem', 'crt.pem', '')
response, content = http.request(url, 'GET')
print(content)
```

Using any of these libraries, I get the following error:

```
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
```

Would appreciate if anyone can point me in the right direction or tell me what I'm doing wrong. Quite frustrating since as I mentioned the same simple HTTP calls work from C# and Java without issue (which confirms that the p12 and certs are valid).

I've tried + used many different stackoverflow posts to no avail.

Thanks

TF Newby
  • *"But the answer on this question DOES NOT explain or help why Python is different at all."* - It is not different. But how the CA store is configured is different. And, you are using the wrong argument to set the CA store, i.e. use `cert` which should be used for client certificates instead of `verify` which should be used for the CA store. I recommend to take a closer look at the documentation of what the arguments you use actually mean and maybe get some understanding of the difference between CA store and client certificate. – Steffen Ullrich Jun 20 '18 at 20:41
  • Also, the question I've marked here and in your previous question as the duplicate talks exactly about what you are doing wrong, i.e. using `cert` instead of `verify`. – Steffen Ullrich Jun 20 '18 at 20:43
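
Added example (not part of the original post or its comments): the comments above separate the client certificate (`cert`) from the CA store (`verify`). This sketch sorts the text output of `openssl pkcs12` into those roles by matching `localKeyID`, assuming the .p12 also carries the CA certificate the server chains to; `split_bundle`, `requests_kwargs` and the sample bundle are constructed for illustration.

```python
import re

# Constructed sample of `openssl pkcs12 -in client.p12 -nodes` output;
# the base64 bodies are placeholders, not real key material.
SAMPLE = """\
Bag Attributes
    localKeyID: 5A 1F 0C 77
subject=/CN=client.example
issuer=/CN=Example Partner Root
-----BEGIN CERTIFICATE-----
Q0xJRU5ULUNFUlQ=
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/CN=Example Partner Root
issuer=/CN=Example Partner Root
-----BEGIN CERTIFICATE-----
Uk9PVC1DRVJU
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 5A 1F 0C 77
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
UFJJVkFURS1LRVk=
-----END PRIVATE KEY-----
"""

BLOCK = re.compile(
    r"((?:(?!-----BEGIN)[^\n]*\n)*)"  # attribute lines preceding a PEM block
    r"(-----BEGIN ([A-Z ]+)-----\n[\s\S]*?-----END \3-----\n)")

def split_bundle(text):
    """Sort PEM blocks into the client key, the client cert and CA certs."""
    key, key_id, certs = None, None, []
    for attrs, pem, kind in BLOCK.findall(text):
        m = re.search(r"localKeyID: ([0-9A-F ]+)", attrs)
        local_id = m.group(1).strip() if m else None
        if kind.endswith("PRIVATE KEY"):
            key, key_id = pem, local_id
        elif kind == "CERTIFICATE":
            certs.append((local_id, pem))
    # The client certificate is the one that shares the key's localKeyID.
    client = [p for i, p in certs if key_id and i == key_id]
    if key is None or len(client) != 1:
        raise ValueError("need one key and one certificate sharing a localKeyID")
    return {"key": key, "cert": client[0],
            "ca": "".join(p for i, p in certs if i != key_id)}

def requests_kwargs(crt_path, key_path, ca_path):
    # cert= is the identity we present; verify= is what we trust the server by.
    return {"cert": (crt_path, key_path), "verify": ca_path}
```

If the bundle holds no CA certificate, `ca` comes back empty and the file passed as `verify` has to be the server's certificate or its CA, obtained from the third party.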
