
I want to connect and retrieve certificates from servers, and some of them are self-signed. I want Python to trust any of these certs; is it possible to do this?

All of the certs are on applications running inside a private VPC and I want to check the expiry date of these certificates.

I get the following exception for self-signed certs:

`[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate`

Below is my code:

    import socket
    import ssl

    # The default context verifies the chain, so self-signed certificates are rejected.
    context = ssl.create_default_context()
    conn = context.wrap_socket(
        socket.socket(socket.AF_INET),
        server_hostname=domain_name,
    )

    conn.settimeout(6.0)
    conn.connect((domain_name, 443))
    ssl_info = conn.getpeercert()

I have tried calling `ssl._create_unverified_context()` instead of `ssl.create_default_context()`, but I do not get any peer info from the connection if I do that.

Thanks

berimbolo
  • While the title of the question and the one I've marked as duplicate does not suggest a duplicate, your goal is actually not to trust a self-signed certificate but to get certificate details even in cases you cannot trust the certificate. And that's what the other question answers. – Steffen Ullrich Jul 04 '19 at 16:55
  • Agreed, I didn't come across this post. I was getting the issue you describe where calling `getpeercert()` without `True` meant I got back an empty dictionary – berimbolo Jul 04 '19 at 17:03
