0

I am getting the infamous error

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)

I tried almost all solutions available online so far but no luck. I am using pyoidc (with keycloak and superset) which uses urllib that fails to contact the auth server. Here is the part of my Dockerfile that tries to solve this error:

RUN pip install --upgrade certifi

COPY ssl/ /usr/local/share/ca-certificates/
RUN update-ca-certificates
RUN cat /usr/local/share/ca-certificates/mycert.crt >> /usr/local/lib/python3.8/site-packages/certifi/cacert.pem
RUN cat /usr/local/share/ca-certificates/mycert.crt >> /usr/local/lib/python3.8/site-packages/httplib2/cacerts.txt
ENV REQUESTS_CA_BUNDLE=/usr/local/lib/python3.8/site-packages/certifi/cacert.pem

I am still getting the error with these steps. What else should I do? Any ideas/help are greatly appreciated.

Cemre Mengü
  • 18,062
  • 27
  • 111
  • 169
  • certifi only makes sure that the publicly trusted CA as known from Firefox are also trusted by Python. It does not cause certificates issued by other CA to be trusted, nor self-signed certificates. It also does not help working around errors in the server setup which result in missing chain certificates. Unfortunately it is nothing known about the server certificate and the chain certificates provided by the server, so one cannot point out what the specific problem is here and how to solve it. – Steffen Ullrich Nov 11 '21 at 12:06
  • 1
    *"I tried all solutions available online so far but no luck"* - I'm pretty sure that you at most tried solutions you happen to find, which is likely not all solutions available. And it provides zero information of what you actually tried, which makes this statement basically useless. – Steffen Ullrich Nov 11 '21 at 12:09
  • @SteffenUllrich if you search for this problem the steps I provided inside the dockerfile are the only available solutions unfortunately but I will revise to say *almost* all. The specific problem is that I am geting the SSLCertVerificationError and I am not sure how to solve it. – Cemre Mengü Nov 11 '21 at 12:12
  • Sorry but I don't understand how I provide zero information about what I tried? Anyways please let me know if you have any ideas – Cemre Mengü Nov 11 '21 at 12:15
  • Zero detail of what you tried means no-one knows what you tried, i.e. zero useful information beyond "it doesn't work". Did you try all the unique possibilities in this https://stackoverflow.com/questions/52805115/certificate-verify-failed-unable-to-get-local-issuer-certificate ? – DisappointedByUnaccountableMod Nov 11 '21 at 12:23
  • @CemreMengü: *"Sorry but I don't understand how I provide zero information about what I tried?"* - you provided details about exactly one solution you tried, which is definitely not *"all solutions available"* and likely not *"almost all solutions available"* either. If this is the only solution you've *found* and tried then simply say so. – Steffen Ullrich Nov 11 '21 at 12:40

1 Answers1

0

Know this is late but just for other people...

My issue was that I was using virtuelenv. So I did:

cat /usr/local/share/ca-certificates/mycert.crt >> vendor/lib/python3.8/site-packages/certifi/cacert.pem

With vendor being my virtuelenv folder.

Thanks Cemre for the idea. Took a while to figure this one out.

TECH Fox
  • 13
  • 5