Here is my code
os.environ['REQUESTS_CA_BUNDLE'] = os.path.join('/path/to/','ca-own.crt')
s = requests.Session()
s.cert = ('some.crt', 'some.key')
s.get('https://some.site.com')
Last instruction returns:
requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
With curl:
curl --cacert ca-own.crt --key some.key --cert some.crt https://some.site.com
returns normal html code.
How can i make python requests.Session send correct certificates to the endpoint?
PS The same situation will be if i add the following
s.verify = 'some.crt'
or
cat some.crt ca-own.crt > res.crt
s.verify = 'res.crt'
PPS
cat some.crt some.key > res.pem
s.cert = "res.pem"
requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
cat ca-own.crt some.crt some.key > res.pem
s.cert = "res.pem"
requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(116, '[X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:4067)')))
Above code will work if you put verify=False
in the GET request, but it's not ideal security wise(Man in the middle attacks) thus you need to add the CA certificate(issuer's certificate) file to the verify parameter. More info here
session = requests.Session()
session.verify = "/path/to/issuer's certificate"(CA certificate)
session.get('https://some.site.com')
you can try this - session = requests.Session()
session.verify = "your CA cert"
response = session.get(url, cert=('path of client cert','path of client key'))
session.close()
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.