SSL Certificate Verification fails when logging into Azure Container Registry
Question
I am new to Azure and am trying to get the command line working from my computer (mac OS). I installed the azure-cli via homebrew and when I execute az login , I get the following error:
Error occurred in request., SSLError: HTTPSConnectionPool(host='management.azure.com', port=443): Max retries exceeded with url: /tenants?api-version=2016-06-01 (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
Traceback (most recent call last):
File "/usr/local/Cellar/azure-cli/2.0.25/libexec/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 441, in wrap_socket
cnx.do_handshake()
File "/usr/local/Cellar/azure-cli/2.0.25/libexec/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1806, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/local/Cellar/azure-cli/2.0.25/libexec/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error
_raise_current_error()
File "/usr/local/Cellar/azure-cli/2.0.25/libexec/lib/python3.6/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
I have tried the following:
export ADAL_PYTHON_SSL_NO_VERIFY=1
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
as per this: https://github.com/Azure/azure-cli/issues/2267
and that lets me log in, but when I execute az acr login --name <registry name> I get a similar error again:
HTTPSConnectionPool(host='registryName.azurecr.io', port=443): Max retries exceeded with url: /v2/ (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
Traceback (most recent call last):
File "/usr/local/Cellar/azure-cli/2.0.25/libexec/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 441, in wrap_socket
cnx.do_handshake()
File "/usr/local/Cellar/azure-cli/2.0.25/libexec/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1806, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/local/Cellar/azure-cli/2.0.25/libexec/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error
_raise_current_error()
File "/usr/local/Cellar/azure-cli/2.0.25/libexec/lib/python3.6/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
Is there anything I can do to solve this? Thanks in advance.
2 answers
solution1
0 2018-08-29 00:32:34
I think the problem is that the Python library doesn't perform the handshake properly. Judging by the errors, OpenSSL doesn't seem to want to trust the request when it is made by the Python script.
https://pyopenssl.org/en/stable/api.html This site gives information about the OpenSSL library. The Python scripts don't seem to be implementing the SSL functions correctly.
solution2
0 2019-11-20 11:48:27
尝试按照此处的文档中所述设置 REQUESTS_CA_BUNDLE: https : //github.com/Azure/azure-cli/blob/dev/doc/use_cli_effectively.md#working-behind-a-proxy
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.