Python SSL请求和Let的加密证书
[英]Python SSL requests and Let's Encrypt certs
问题描述
I'm struggling at the moment to get the requests library to perform a simple GET request to a site of mine with a Let's Encrypt certificate. 
我现在正在努力让请求库使用Let的加密证书对我的网站执行一个简单的GET请求。 All's well with the site and I can access it from Chrome just fine. 一切都很好的网站,我可以从Chrome访问它就好了。 (I'm running OSX El Capitan at the moment). (我现在正在运行OSX El Capitan)。
First I tried doing a GET request to the site: 首先,我尝试向网站发出GET请求:
>>> import requests
>>> requests.get('https://example.com')
This gives me: 这给了我:
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
I then tried various things, including getting hold of the Let's Encrypt authority certificate , and the following openssl command verifies my site's certificate successfully: 然后,我尝试了各种各样的事情,包括获取Let的加密权限证书 ,以下openssl命令成功验证我的站点的证书:
> openssl s_client -CAfile ./letsencryptauthorityx1.pem -connect example.com:443
The output of which included the following towards the bottom: 其输出包括以下内容:
...
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: ...
Session-ID-ctx:
Master-Key: ...
Key-Arg : None
Start Time: 1452865123
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Perhaps I'm missing something here, but it looks to me as though my site's been verified according to the Let's Encrypt authority certificate I supplied. 也许我在这里遗漏了一些东西,但它看起来好像我的网站已经根据我提供的Let's Encrypt授权证书进行了验证。 So, I happily changed my Python code to: 所以,我很高兴地将我的Python代码更改为:
>>> requests.get('https://example.com', verify='./letsencryptauthorityx1.pem')
But I still keep getting the requests.exceptions.SSLError error. 但我仍然不断收到requests.exceptions.SSLError错误。 I've also tried using the DER format of the authority certificate, but then I get the following error from requests : 我也尝试使用权威证书的DER格式,但后来我从requests得到以下错误:
requests.exceptions.SSLError: unknown error (_ssl.c:2825)
Can anybody perhaps educate me as to how to go about fixing this? 任何人都可以教我如何解决这个问题吗?
3 个解决方案
解决方案1
4 已采纳 2016-03-15 21:48:31
听起来您机器上的CA CERTS不是最新的,或者Web服务器未配置为服务于完整的证书链。
解决方案2
0 2016-07-20 02:54:00
On OSX you can export all the certs in your keychain access to a .pem file and then point requests to that file: http://movingpackets.net/2015/03/18/telling-openssl-about-your-root-certificates/ 在OSX上,您可以将钥匙串访问中的所有证书导出到.pem文件,然后将请求指向该文件: http : //movingpackets.net/2015/03/18/telling-openssl-about-your-root-certificates /
CA_BUNDLE = path_to_your_exported_file.pem
response = requests.get(user_account_url, verify=CA_BUNDLE)
解决方案3
0 2018-07-13 20:06:00
For any lost soul that stumbled upon this post while looking for a Windows Fix for this issue. 对于任何迷失的灵魂,在寻找此问题的Windows修补程序时偶然发现了这篇文章。
Using Chrome: 使用Chrome:
- Open the URL in using HTTPS. 使用HTTPS打开URL。
- On the address bar click where it says "Secure". 在地址栏上单击“安全”。
- Click on certificate. 单击证书。
- Go to the "Certification Path" tab. 转到“证书路径”选项卡。
- Select "Let's Encrypt Authority X3" (Go up one level) then click "View Certificate". 选择“让我们加密权限X3”(向上一级),然后单击“查看证书”。
- Go to the "Details" tab and click "Export to File". 转到“详细信息”选项卡,然后单击“导出到文件”。
- On the Wizard click next and select "Base-64 encoded X.509 (.CER)", click next again. 在向导上单击下一步并选择“Base-64 encoded X.509(.CER)”,再次单击“下一步”。
- Select a folder and name for the file (Remember this directory). 选择文件的文件夹和名称(记住此目录)。
- Go to that folder and right click the certificate and click "Install Certificate". 转到该文件夹并右键单击证书,然后单击“安装证书”。
- Select Local Machine (Requires Admin Rights), click next. 选择本地计算机(需要管理员权限),单击下一步。
- Select "Automatically select the certificate store..." (Default), click next. 选择“自动选择证书存储...”(默认),然后单击“下一步”。
- Click Finish. 单击完成。
- Run your Python Script again. 再次运行Python脚本。
Disclaimer: Using Chrome 67.0.3396.99 with Windows 10 64-Bit. 免责声明:使用Chrome 67.0.3396.99与Windows 10 64位。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.