SSL: CERTIFICATE_VERIFY_FAILED
have to rely on corporate certificate server
From time to time when using network function, I have this kind of errors:
Traceback (most recent call last):
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/urllib/request.py", line 1346, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/http/client.py", line 1285, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/http/client.py", line 1331, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/http/client.py", line 1280, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/http/client.py", line 1040, in _send_output
self.send(msg)
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/http/client.py", line 980, in send
self.connect()
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/http/client.py", line 1454, in connect
self.sock = self._context.wrap_socket(self.sock,
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/ssl.py", line 501, in wrap_socket
return self.sslsocket_class._create(
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/ssl.py", line 1041, in _create
self.do_handshake()
File "/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/ssl.py", line 1310, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)
My company uses some ssl interceptor and it has to be considered as a cert autority.
where certifcates are kept
import certifi
pem_path = certifi.where()
pem_path
get company certificates
tmpdir = !mktemp -d
tmpdir
!git clone git@gitlab.michelin.com:DEV/bib-certificates.git {tmpdir[0]}
!ls -l {tmpdir[0]}/*trust-ca.pem
import os
for filename in os.listdir(tmpdir[0]):
if filename.endswith("trust-ca.pem"):
# print(os.path.join(directory, filename))
!cat {os.path.join(tmpdir[0], filename)} >> {pem_path}
continue
else:
continue
import urllib.request
with urllib.request.urlopen('http://python.org/', cafile=certifi.where()) as response:
html = response.read()
html[:100]
and from a command-line
export SSL_CERT_FILE='/home/guillaume/miniconda/envs/dataset_tools/lib/python3.9/site-packages/certifi/cacert.pem'
nbdev_new
I will modify SSL cert of my (base) environment.
and add export SSL_CERT_FILE
in .bashrc
I have made the modification at install ubuntu 22.04 on WSL
!cat ../files/setup_wsl_02_install_python_conda_part3.sh