0

I'm trying a get request using the certs I downloaded from https://host:port.

enter image description here

url = 'https://host:port' x = requests.get(url, verify = "file.crt") prettified_json = json.dumps(x.json(), indent=4) print(prettified_json)

I tried it both with crt and pem file. Same result.

Top certificate returns error.

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate

Bottom one return error

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain.

I tried checking the certificates using curl.

curl --cacert "file.crt" "https://host:port/"

It returns a valid json response.

I know I can set verify = False(I tried it and it works), but it's a temporary insecure measure. So I would prefer not to.

I tried adding certs to my cacert.pem like here, it didn't help. I also tried creating a separate pem file in my working dir and appending both certs there. It didn't help.

What else can I do?

Improve this question

1 Answer 1

Reset to default
0

Try to use the full certificate chain, including the root CA certificate and any intermediate certificates. The chain should be in the correct order:

-----BEGIN CERTIFICATE----- Domain certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Intermediate CA certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Root CA certificate -----END CERTIFICATE-----

Combine both of these certificates into one CA bundle file. You can simply do it using any text editor. Or use cat if you use Linux:

cat first_cert.pem second_cert.pem > combined_cert.pem
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I tried appending the two certs in different order. It didn't work. I asked the admin for some more certs. One of them fixed my problem.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.