[英]Python - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)
I have an Amazon linux 2 VM and I am making a python requests from this VM.我有一个 Amazon linux 2 VM,我正在从这个 VM 发出一个 python 请求。 For making the request I am using self signed certificate.为了提出请求,我使用自签名证书。
I have appended the self signed certificate file content to the file "/etc/pki/tls/certs/ca-bundle.crt".我已将自签名证书文件内容附加到文件“/etc/pki/tls/certs/ca-bundle.crt”中。
The CURL command works fine, however when making requests using python's requests method it throws below error. CURL 命令工作正常,但是当使用 python 的 requests 方法发出请求时,它会抛出以下错误。
ERROR : (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))错误 : (由 SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败:无法获得本地颁发者证书 (_ssl.c:1091)') 引起))
I tried using "verify" parameter for Python requests method by providing path of both "MyAppcert.crt" as well as "ca_bundle.crt" files, however both approach fails.我尝试通过提供“MyAppcert.crt”和“ca_bundle.crt”文件的路径来为Python请求方法使用“verify”参数,但是这两种方法都失败了。
import requests
requests.get("https://<my-endpoint>:8888/", verify="/home/ec2-user/ssl_cert/MyAppcert.crt")
This same use case works fine on Windows server.同样的用例在 Windows 服务器上运行良好。
Any help will be appreciated.任何帮助将不胜感激。
Regards,问候,
Rahul Kumbhar拉胡尔·库巴尔
@SteffenUllrich Thank you for the response. @SteffenUllrich 感谢您的回复。 I verified my certificate using "openssl x509 -in file.pem -text" and found that "keyUsage = Certificate Sign" was missing.我使用“openssl x509 -in file.pem -text”验证了我的证书,发现缺少“keyUsage = Certificate Sign”。 After creating new certificate with "keyUsage = Certificate Sign" the issue was resolved.使用“keyUsage = Certificate Sign”创建新证书后,问题已解决。
you need to fake the SSL when you send the socket.您需要在发送套接字时伪造 SSL。 Try this in your code:在你的代码中试试这个:
import ssl
# Ignore SSL certificate errors
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
or
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
Both working very well for me, for example - https://twitter.com/bro_dev_/status/1447598426120720384?s=20 I have run this code today and it worked.两者对我来说都很好,例如 - https://twitter.com/bro_dev_/status/1447598426120720384?s=20我今天运行了这个代码并且它起作用了。 from: https://github.com/webprice/python-twitter-examples/blob/f8ad6f69f423afdcbd83d89cc7e17e2f61d92ed4/bs4_SSL来自: https : //github.com/webprice/python-twitter-examples/blob/f8ad6f69f423afdcbd83d89cc7e17e2f61d92ed4/bs4_SSL
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.