SSL: CERTIFICATE_VERIFY_FAILED Error in Django running through uwsgi on nginx webserver

Question

I am running Django REST API project through uwsgi in nginx webserver. Also configured ssl for HTTPS.

In project directory there are certificate & key files (as below), which helps to establish the secured HTTPS connection.

/my-project/test-cert.pem
/my-project/test-cert.KEY

I have checked from browser, the https://mysite.domain.com/ is returning all the APIs, and the https://mysite.domain.com/admin/ is returning the Django Admin page.

This means the Django is responding properly.

I am facing error in calling my internal APIs through external web URLs.

https://mysite.domain.com/api/account/ is my web url which will call the https://mysite.domain.com/user-list-details/api internally.

Both the above APIs (/api/account/ & /user-list-details/) are mentioned in my Django urls.py.

The sequence is that API-1 will be called from my Angular front-end and API-2 will be called internally by Django REST. API-2 will fetch data from DB and returns back to Angular through API-1.

This structure is basically designed to serve the purpose of our business logic and was working fine for HTTP version of my project but now I am facing issue after implementing HTTPS.

Sample code of internal API call:

import requests

# I have tried with three different certificates available. 

CERT_1 = '/etc/ssl/certs/ca-bundle.crt'
CERT_2 = '/my-project/test-cert.pem'
CERT_3 = '/tech/lib/python3.5/site-packages/certifi/cacert.pem'

url = 'https://mysite.domain.com/user-list-details/'
apisession = requests.Session()
response = apisession.get(url, verify=CERT_1) # <= Error in this line

Error:

HTTPSConnectionPool(host='', port=443); Max reties exceeded with url: /user-list-details/?query=all&name=Jhon (caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)'),))

I have tried using the bundle certificate (CERT_1), but for that I am getting 504 error. I tried verify=False though not recommended, but getting 504 error.

I have checked similar posts as this: Python Requests throwing SSLError but didn't get any way out.

I also learned from http://docs.python-requests.org/en/master/user/advanced/

The private key to your local certificate must be unencrypted. Currently, Requests does not support using encrypted keys.

So, is there something I am missing in Django settings? or is it possible to use self signed certificate for this?

Anyone have any solution for this issue.. please share thought. — iPaul, Sep 16 '18 at 18:05

score 0 · Answer 1 · answered Sep 10 '18 at 17:58

0

Check the interface where you are calling the internal APIs from external requests. External requests are Https call and this one is http call. So https to/from http will face the problem. Convert them also in https call. It might help. Please post if it helps.

answered Sep 10 '18 at 17:58

SamCodes

384
4
17

Both Internal & External calls are now HTTPS, configured using SSL certs and hosted via uwsgi in nginx server. See the above codes. – iPaul Sep 10 '18 at 18:02

SSL: CERTIFICATE_VERIFY_FAILED Error in Django running through uwsgi on nginx webserver

1 Answers1