0

I have a question regarding an error I have in Python. I am trying to have access to an API via a certificate file.
This is the code I implemented: 
import base64
import ssl

certificate_file = "s2s-prod.cer"
certificate_secret = "UEbQ67AubZBK"
context = ssl.SSLContext()
context.load_cert_chain(certfile=certificate_file, password=certificate_secret)

When I try to run the code, I have this error: SSLError: [SSL] PEM lib (_ssl.c:4045). I decided to check the file _ssl.c on line 4045 to see what is this error.

if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) {
    if (PyErr_ExceptionMatches(PyExc_TypeError)) {
        PyErr_SetString(PyExc_TypeError,
                        "capath should be a valid filesystem path");
    }
    goto error;
}

Also, I checked the certificate file and the password is correct so I don't understand why I am getting this error.
Can someone explains to me what this error mean?
Is it because the certificate I was given is not working or is it because I did something wrong in the code?
I tested with another certificate and it is working so I was wondering what kind of input I should put in certfile.
Thank you in advance and let me know if you need more explanation (I tried to put as much information as I could).

rubzlebg
  • 1
  • 4
  • *"I checked the certificate file and the password is correct"* - how did you check this? How does the file look like, i.e. it is really in [PEM format](https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file)? – Steffen Ullrich Aug 06 '21 at 15:36
  • Hi @SteffenUllrich, I know the password is correct because when I run the Certificate Import Wizard (pfx file) and try the password, I was able to import the certificate. Then I exported the certificate and put it in the same folder than the script. The format of the file is CER. – rubzlebg Aug 06 '21 at 15:49
  • *"The format of the file is CER"* - there is no CER format. There is PFX, PEM, DER - but not CER. And PEM is what is expected by the Python code. – Steffen Ullrich Aug 06 '21 at 15:52
  • I tried to run the script with the PFX file and it is not working. So the problem comes from the file and not the code. Thanks. – rubzlebg Aug 06 '21 at 16:21
  • *"I tried to run the script with the PFX file ..."* - as I said, the code needs the file in PEM format. Not PFX, not DER, not "CER" (whatever this is) - but PEM. So you need to convert the file - see [Converting pfx to pem using openssl](https://stackoverflow.com/questions/15413646/converting-pfx-to-pem-using-openssl). – Steffen Ullrich Aug 06 '21 at 16:51

1 Answers1

0

Ok, I found the solution: I re-ran the certificate using an OpenSSL Command Prompt with the following command:

openssl pkcs12 -in clear-s2s-prod.pfx -out cfsb-prod.cer -nodes

command prompt ssl

rubzlebg
  • 1
  • 4