0

I can connect fine with Python to any external https site without this error: SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))

But I have a local webserver on my laptop with a self-signed certificate that works fine in itself but Python generates an _ssl.c:1108 error when I try to connect to it.

Any ideas?

Al Persohn
  • 1
  • 1
  • 1
  • I can use verify=false, but even though local, it does not seem like the best approach – Al Persohn Apr 15 '20 at 05:28
  • If it's a self-signed certificate you have two options, either set verify=false, as you noted, or trust the certificate authority that was used to sign the certificate. – pst Apr 15 '20 at 15:18
  • https://stackoverflow.com/questions/41691327/ssl-sslerror-ssl-certificate-verify-failed-certificate-verify-failed-ssl-c solution `/Applications/Python\ 3.6/Install\ Certificates.command`[quote] works. – whitespace Jun 07 '20 at 11:17

1 Answers1

0

The python client does not have access and trust the CA certificate that signed the web server certificate. In your case that is the self-signed web server certificate.

To get the python client working, you can do the following:

  1. disable certificate verification. That is not a good idea but I guess is ok for a quick test. The emphasis is on "it is not recommended".
  2. Download the self-signed certificate and make it accessible to the python client and specify it as trusted CA certificate.
  3. Download and install a certificate from well known CAs such as LetsEncrypt (free) or commercial CAs. This is the recommended approach.

You could go into depth on the items mentioned herein and get a conceptual understanding how TLS operates.

EDIT 1: You could also get a free certificate from LetsEncrypt CA. Or you could get a free test certificate from most of the commercial CAs like DigiCert etc. See this link for getting and installing a free test certificate signed by a DigiCert test CA.

See this for details on python client configuration for TLS.

Khanna111
  • 3,627
  • 1
  • 23
  • 25