Self signed SSL certs fail

I have a self signed certificate that I want to verify against a root-ca that was used to create it. I connect to elasticsearch using:

    es_connections.create_connection(
        hosts=["myhost"],
        port=9200,
        ca_certs="root-ca.pem",
        timeout=60,
        scheme="https",
        use_ssl=True,
        ssl_assert_hostname=False
    )

This results in:

  File "/app/env/lib/python3.7/site-packages/urllib3/util/retry.py", line 343, in increment,
    raise six.reraise(type(error), error, _stacktrace),
  File "/app/env/lib/python3.7/site-packages/urllib3/packages/six.py", line 685, in reraise,
    raise value.with_traceback(tb),
  File "/app/env/lib/python3.7/site-packages/urllib3/connectionpool.py", line 600, in urlopen,
    chunked=chunked),
  File "/app/env/lib/python3.7/site-packages/urllib3/connectionpool.py", line 343, in _make_request,
    self._validate_conn(conn),
  File "/app/env/lib/python3.7/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn,
    conn.connect(),
  File "/app/env/lib/python3.7/site-packages/urllib3/connection.py", line 344, in connect,
    ssl_context=context),
  File "/app/env/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 344, in ssl_wrap_socket,
    return context.wrap_socket(sock, server_hostname=server_hostname),
  File "/usr/local/lib/python3.7/ssl.py", line 412, in wrap_socket,
    session=session,
  File "/usr/local/lib/python3.7/ssl.py", line 853, in _create,
    self.do_handshake(),
  File "/usr/local/lib/python3.7/ssl.py", line 1117, in do_handshake,
    self._sslobj.do_handshake(),
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056),

I have also tried using the ssl_context to no avail. The only solution for now was to disable ssl verification. Additionally, the parameter ssl_show_warn doesn’t work either. Warnings still appear.

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 6 (2 by maintainers)

Top GitHub Comments

2 reactions
EdgeSync commented, Dec 3, 2019

Have you tried verify_certs=False? Like so:

    es_connections.create_connection(
        hosts=["myhost"],
        port=9200,
        ca_certs="root-ca.pem",
        verify_certs=False,
        timeout=60,
        scheme="https",
        use_ssl=True,
        ssl_assert_hostname=False
    )

0 reactions
sethmlarson commented, Oct 20, 2021

I would suggest using ssl_assert_fingerprint with the certificate hash if possible. Otherwise for local development with a self-signed cert using verify_certs=False is fine, just make sure not to use in production.
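
The fingerprint pinning suggested in the last comment, as an added example that is not part of the original thread or the project's code: it derives a SHA-256 pin from the certificate the server presents (the node's own certificate, not the root CA file) and checks a presented certificate against it. The helper names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import ssl

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def leaf_der_from_pem(pem_text: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM file or bundle."""
    match = _PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return ssl.PEM_cert_to_DER_cert(match.group(0))


def sha256_pin(der: bytes) -> str:
    """Lowercase hex SHA-256 of the DER encoding: the value to pin."""
    return hashlib.sha256(der).hexdigest()


def normalize_pin(pin: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' and insist on a full SHA-256 digest."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("pin must be 64 hex characters (SHA-256)")
    return cleaned


def matches_pin(der: bytes, pin: str) -> bool:
    """Constant-time comparison of a presented certificate against the pin."""
    return hmac.compare_digest(sha256_pin(der), normalize_pin(pin))


# Constructed stand-in bytes, NOT a real certificate: the pin is a hash of the
# DER bytes as presented, so no ASN.1 parsing is involved in computing it.
SAMPLE_DER = b"constructed-der-bytes-for-demo" * 8
SAMPLE_PEM = "# bundle comment\n" + ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
OTHER_DER = b"a-different-certificate" * 8

if __name__ == "__main__":
    pin = sha256_pin(leaf_der_from_pem(SAMPLE_PEM))
    print("ssl_assert_fingerprint =", pin)   # value to pass to the connection
    print("same cert matches:", matches_pin(SAMPLE_DER, pin))
    print("other cert matches:", matches_pin(OTHER_DER, pin))
```

A pin has to be recomputed and redeployed whenever the server certificate is rotated, since any change to the DER bytes changes the digest.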
