Trusting self signed certificate with Python requests

Question

My apache ssl conf has the following configs

#   Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

I do not have the CA certificates for this server. Can I still install the localhost.crt into my clients to successfully verify my server?

On the client: I am using Python requests library (2.2.1). The default CA BUNDLE path is used. Even when I add the localhost.crt to the cacert.pem in the default path, I am unable to see the verification go through. I see the exception:

    File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 385, in send
    raise SSLError(e)
SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Am I doing anything wrong? Should I only add the CA who signed the localhost.crt in the server?

Thanks, Vijay

Answer 1

If you provided code and be more clear on what you're doing then you'd get a good answer.

If you want don't want to get the error even if you use an invalid certificate then try the verify=False attribute.

>>> requests.get('https://kennethreitz.com', verify=False)

If you want to use a custom certificate, then place the certificate in the script folder and use the cert=('/path/client.cert', '/path/client.key') argument.

>>> requests.get('https://kennethreitz.com', cert=('/path/client.cert', '/path/client.key')) .

For more info read the docs.python-requests.org/en/master/user/advanced/ site