How to get ca certificates for python requests?

Question

I am trying to run a python script that connects to myhost.comapny.com:8443 but it is giving SSL certificate error while running

 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1122)')))

My code is as follow:

import requests

url = "https://myhost.comapny.com:8443/environments/test/deplpyments"

payload={}
files=[
  ('request',('test.yaml',open('test.yaml','rb'),'application/octet-stream'))
]
headers = {
  'Content-Type': 'multipart/form-data',
  'Authorization': 'token'
}

response = requests.request("POST", url, headers=headers, data=payload, files=files,verify="/user/test/company.cert")

print(response.text)

I have added certificate as :

openssl s_client -showcerts -connect myhost.comapny.com:8443 </dev/null 2>/dev/null | openssl x509 -text >company.cert

But still it is not working and same error is coming as SSL verification failure. It seems that I am not generating certificate correctly.Can someone point me how can i do that correctly?

Does this answer your question? [Python SSL certificate verify error](https://stackoverflow.com/questions/51390968/python-ssl-certificate-verify-error) — Code-Apprentice, Jul 09 '21 at 20:17
No.I am more interested to know how to generate certificated that i can supply to requests?It seems I am generating it wrong.My code is fine,it does not have any problem. — user124, Jul 09 '21 at 20:23
Why do you need to generate a certificate at all? Certificates are generated by site owners, not the client that makes requests from a site. — Code-Apprentice, Jul 09 '21 at 20:27
we need to add trusted certificate at client side while making call to server right?In java i add using keytool in caerts as above mentioned way. In python either i can add using pip, that i dont wana try because of some restrictions.So manually i am trying to put certifcate in request as it is allowed by python — user124, Jul 09 '21 at 20:30
i resolved it by using : openssl s_client -showcerts -connect myhost.comapny.com:8443 /dev/null > company.ca — user124, Jul 09 '21 at 21:23
So it sounds like the initial problem is actually with your system/OS, not with Python, and you just needed to install the certs. — Code-Apprentice, Jul 09 '21 at 22:50
yeah.i was putting them in wrong way as i mentioned earlier in question — user124, Jul 09 '21 at 22:52

score 0 · Answer 1 · answered Jul 09 '21 at 20:22

0

Are your required to verify the certificate? If not, you can try to set "verify=False".

answered Jul 09 '21 at 20:22

user1453863

1
3

yes i need to do that else my post does not work properly. I tried switching off ssl in groovy/unix and in python also.My request does not go through. – user124 Jul 09 '21 at 20:24

score 0 · Accepted Answer · answered Jul 11 '21 at 19:53

Correct command to import cacerts using python that worked for me is :

openssl s_client -showcerts -connect myhost.comapny.com:8443 </dev/null 2>/dev/null > company.ca

Then i supplied "company.ca" path, to the requests as a parameter to specify cacaert location.

How to get ca certificates for python requests?

2 Answers2