Keystone Wirecloud身份验证失败：[SSL：CERTIFICATE_VERIFY_FAILED]

Question

When trying to authenticate in Wirecloud via KeyStone we get the following error displayed in the browser: 尝试通过KeyStone在Wirecloud中进行身份验证时，在浏览器中显示以下错误：

Environment:


Request Method: GET
Request URL: https://<ServerURL>/complete/fiware/?state=SDyJk9ru8wSLwUZIRtSrwI86jznMIv8O&code=WzIZ11YpmGAuZoltvTTGMGoP45ZtHe

Django Version: 1.6.11
Python Version: 2.7.9
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'wirecloud.commons',
 'wirecloud.defaulttheme',
 'compressor',
 'south',
 'wirecloud.catalogue',
 'wirecloud.platform',
 'wirecloud.fiware',
 'social.apps.django_app.default')
Installed Middleware:
('wirecloud.commons.middleware.URLMiddleware',)


Traceback:
File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  112.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  52.         response = view_func(request, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
  57.         return view_func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py" in wrapper
  51.             return func(request, backend, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py" in complete
  28.                        redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py" in do_complete
  43.         user = backend.complete(user=user, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in complete
  41.         return self.auth_complete(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py" in wrapper
  229.             return func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in auth_complete
  383.             method=self.ACCESS_TOKEN_METHOD
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in request_access_token
  361.         return self.get_json(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in get_json
  229.         return self.request(url, *args, **kwargs).json()
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in request
  224.             raise AuthFailed(self, str(err))

Exception Type: AuthFailed at /complete/fiware/
Exception Value: Authentication failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

The Wirecloud log shows the following: Wirecloud日志显示以下内容：

[Fri Mar 04 08:09:51.933675 2016] [ssl:info] [pid 29119:tid 140090189723392] [client 172.30.20.99:63539] AH01964: Connection to child 20 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.388865 2016] [ssl:info] [pid 29120:tid 140090223294208] [client 172.30.20.99:63557] AH01964: Connection to child 80 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.443926 2016] [wsgi:error] [pid 29117:tid 140090323621632] Internal Server Error: /complete/fiware/
[Fri Mar 04 08:10:04.443940 2016] [wsgi:error] [pid 29117:tid 140090323621632] Traceback (most recent call last):
[Fri Mar 04 08:10:04.443942 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
[Fri Mar 04 08:10:04.443945 2016] [wsgi:error] [pid 29117:tid 140090323621632]     response = wrapped_callback(request, *callback_args, **callback_kwargs)
[Fri Mar 04 08:10:04.443947 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py", line 52, in _wrapped_view_func
[Fri Mar 04 08:10:04.443950 2016] [wsgi:error] [pid 29117:tid 140090323621632]     response = view_func(request, *args, **kwargs)
[Fri Mar 04 08:10:04.443952 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view
[Fri Mar 04 08:10:04.443954 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return view_func(*args, **kwargs)
[Fri Mar 04 08:10:04.443956 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 51, in wrapper
[Fri Mar 04 08:10:04.443958 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return func(request, backend, *args, **kwargs)
[Fri Mar 04 08:10:04.443960 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py", line 28, in complete
[Fri Mar 04 08:10:04.443962 2016] [wsgi:error] [pid 29117:tid 140090323621632]     redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
[Fri Mar 04 08:10:04.443964 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py", line 43, in do_complete
[Fri Mar 04 08:10:04.443966 2016] [wsgi:error] [pid 29117:tid 140090323621632]     user = backend.complete(user=user, *args, **kwargs)
[Fri Mar 04 08:10:04.443968 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 41, in complete
[Fri Mar 04 08:10:04.443971 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return self.auth_complete(*args, **kwargs)
[Fri Mar 04 08:10:04.443973 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py", line 229, in wrapper
[Fri Mar 04 08:10:04.443975 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return func(*args, **kwargs)
[Fri Mar 04 08:10:04.443977 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 383, in auth_complete
[Fri Mar 04 08:10:04.443979 2016] [wsgi:error] [pid 29117:tid 140090323621632]     method=self.ACCESS_TOKEN_METHOD
[Fri Mar 04 08:10:04.443981 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 361, in request_access_token
[Fri Mar 04 08:10:04.443983 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return self.get_json(*args, **kwargs)
[Fri Mar 04 08:10:04.443985 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 229, in get_json    
[Fri Mar 04 08:10:04.443987 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return self.request(url, *args, **kwargs).json()
[Fri Mar 04 08:10:04.443995 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 224, in request
[Fri Mar 04 08:10:04.443997 2016] [wsgi:error] [pid 29117:tid 140090323621632]     raise AuthFailed(self, str(err))
[Fri Mar 04 08:10:04.443999 2016] [wsgi:error] [pid 29117:tid 140090323621632] AuthFailed: Authentication failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

And the Horizon log displays this: Horizon日志显示以下内容：

[Fri Mar 04 08:10:01.939771 2016] [ssl:info] [pid 29120:tid 140090282043136] [client 172.30.20.99:63555] AH01964: Connection to child 73 established (<ServerURL>:443)
[Fri Mar 04 07:10:02.175214 2016] [wsgi:error] [pid 29118:tid 140090390763264] No regions could be found excluding identity.
[Fri Mar 04 07:10:02.175651 2016] [wsgi:error] [pid 29118:tid 140090390763264] Login successful for user "<UserEmail>".
[Fri Mar 04 07:10:02.313486 2016] [wsgi:error] [pid 29118:tid 140090415941376] DEBUG:idm_logger:Requesting authorization for application: 904fd95c253c4938a824d1a443ce0fdd with redirect_uri: https://<ServerURL>/complete/fiware/         and scope: ['all_info'] by user <UserName>
[Fri Mar 04 07:10:02.346101 2016] [wsgi:error] [pid 29118:tid 140090415941376] DEBUG:idm_logger:OAUTH2: Application 904fd95c253c4938a824d1a443ce0fdd NOT alreadyauthorized
[Fri Mar 04 07:10:04.250695 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:Authorizing application: 904fd95c253c4938a824d1a443ce0fdd by user: <UserName>
[Fri Mar 04 07:10:04.274461 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:OAUTH2: Authorization Code obtained WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
[Fri Mar 04 07:10:04.274541 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:OAUTH2: Redirecting user back to https://<ServerURL>/complete/fiware/?state=SDyJk9ru8wSLwUZIRtSrwI86jznMIv8O&code=WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
[Fri Mar 04 08:10:04.441087 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH01964: Connection to child 84 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.442137 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH02008: SSL library error 1 in handshake (server <ServerURL>:443)
[Fri Mar 04 08:10:04.442165 2016] [ssl:info] [pid 29120:tid 140090189723392] SSL Library Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (SSL alert number 48)
[Fri Mar 04 08:10:04.442174 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH01998: Connection closed to child 84 with abortive shutdown (server <ServerURL>:443)

Horizon and Wirecloud run on the same apache, Wirecloud under port 443 and Horizon under port 40443. Both use the same cert files for ssl and work, called by themself, fine. Horizon和Wirecloud在相同的Apache上运行，Wirecloud在端口443下，Horizon在端口40443下。两者都使用相同的cert文件用于ssl和工作，由他们自己调用也可以。 Those cert files are currently self signed ones. 这些证书文件当前是自签名文件。

Since I am pretty new to ssl usage in apache any halp would be much appreciated. 由于我对apache的ssl用法还很陌生，因此任何暂停都将不胜感激。

Answer 1

As you are using self-signed certificates, the best option is including your cert into the list of trusted certificates. 当您使用自签名证书时，最好的选择是将您的证书包含在受信任证书的列表中。 requests (the module used for making this request) usually uses a bundle by default (it depends on the installation method). 默认情况下， requests （用于发出此请求的模块）通常使用捆绑包（取决于安装方法）。 You can edit that bundle for adding your cert (see this link for more details) although you will have to update this bundle every time you upgrade the requests module. 您可以编辑该软件包以添加证书（有关更多详细信息，请参见此链接），尽管每次升级requests模块时都必须更新此软件包。

Another option, is to configure requests for using the trusted certs repository from the OS. 另一个选择是从OS配置使用受信任证书存储库的requests 。 This can be configured using the REQUESTS_CA_BUNDLE environment var (eg by editing your wgsi.py file adding something similar to this: os.environ['REQUESTS_CA_BUNDLE'] = "/etc/ssl/certs/ca-certificates.crt" ). 这可以使用配置REQUESTS_CA_BUNDLE环境VAR（例如，通过编辑wgsi.py文件中添加类似这样的东西： os.environ['REQUESTS_CA_BUNDLE'] = "/etc/ssl/certs/ca-certificates.crt" ）。 The operation of adding your cert into the trusted repository depends on your OS, but there is a lot of information about this matter on google (eg here you can find how to do it using Debian/Ubuntu). 将证书添加到受信任的存储库中的操作取决于您的操作系统，但是google上有很多有关此问题的信息（例如，您可以在其中找到使用Debian / Ubuntu的方法）。

Keystone Wirecloud身份验证失败：[SSL：CERTIFICATE_VERIFY_FAILED]

问题描述

1 个解决方案

解决方案1
1 已采纳 2016-03-04 17:24:12

Keystone Wirecloud身份验证失败：[SSL：CERTIFICATE_VERIFY_FAILED]

问题描述

1 个解决方案

解决方案1 1 已采纳 2016-03-04 17:24:12

解决方案1
1 已采纳 2016-03-04 17:24:12