Getting Data In

Why am I getting "CERTIFICATE_VERIFY_FAILED" using splunk-sdk with python on Windows?

ctxrag
Explorer

File "C:\Python27\Lib\ssl.py", line 840, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

Team,
Any hint as I am badly blocked and this is windows, not Linux.

0 Karma

ctxrag
Explorer

here is the complete error trace from pycharm on windows:

C:\Python27\python.exe C:/Development/Automation/splunk-sdk-python/examples/abc/a.py
Traceback (most recent call last):
File "C:/Development/Automation/splunk-sdk-python/examples/abc/a.py", line 43, in
connection.request("POST", "/services/auth/login", body, headers)
File "C:\Python27\lib\httplib.py", line 1042, in request
self.send_request(method, url, body, headers)
File "C:\Python27\lib\httplib.py", line 1082, in _send_request
self.endheaders(body)
File "C:\Python27\lib\httplib.py", line 1038, in endheaders
self._send_output(message_body)
File "C:\Python27\lib\httplib.py", line 882, in _send_output
self.send(msg)
File "C:\Python27\lib\httplib.py", line 844, in send
self.connect()
File "C:\Python27\lib\httplib.py", line 1263, in connect
server_hostname=server_hostname)
File "C:\Python27\lib\ssl.py", line 363, in wrap_socket
_context=self)
File "C:\Python27\lib\ssl.py", line 611, in __init
_
self.do_handshake()
File "C:\Python27\lib\ssl.py", line 840, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

Process finished with exit code 1

0 Karma

muralikoppula
Communicator

On Windows, Python does not look at the system certificate, it uses its own located at ?\lib\site-packages\certifi\cacert.pem.

The solution to your problem:

  • download the domain validation certificate as *.crt or *pem file
  • open the file in editor and copy it's content to clipboard
  • find your cacert.pem location: from requests.utils import DEFAULT_CA_BUNDLE_PATH; print(DEFAULT_CA_BUNDLE_PATH)
  • edit the cacert.pem file and paste your domain validation certificate at the end of the file.
  • Save the file and enjoy requests!
0 Karma

ctxrag
Explorer

Thanks so much..

I found the ca cert under below using

from requests.utils import DEFAULT_CA_BUNDLE_PATH

print(DEFAULT_CA_BUNDLE_PATH)

C:\Users\ahmeduddinm.CITRITE\AppData\Roaming\Python\Python27\site-packages\certifi\cacert.pem

0 Karma

ctxrag
Explorer

ok, figured out that ur splunk instance was using private CA. However, i disabled the SSL Cert verify in ssl.py of python 27.14.

But still getting this error: Any hint what this indicates?

C:\Python27\python.exe C:/Development/Automation/splunk-sdk-python/examples/abc/a.py
Traceback (most recent call last):
File "C:/Development/Automation/splunk-sdk-python/examples/abc/a.py", line 43, in
connection.request("POST", "/services/auth/login", body, headers)
File "C:\Python27\lib\httplib.py", line 1042, in request
self._send_request(method, url, body, headers)
File "C:\Python27\lib\httplib.py", line 1082, in _send_request
self.endheaders(body)
File "C:\Python27\lib\httplib.py", line 1038, in endheaders
self._send_output(message_body)
File "C:\Python27\lib\httplib.py", line 882, in _send_output
self.send(msg)
File "C:\Python27\lib\httplib.py", line 844, in send
self.connect()
File "C:\Python27\lib\httplib.py", line 1255, in connect
HTTPConnection.connect(self)
File "C:\Python27\lib\httplib.py", line 821, in connect
self.timeout, self.source_address)
File "C:\Python27\lib\socket.py", line 575, in create_connection
raise err
socket.error: [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

0 Karma

ctxrag
Explorer

the server is using a private CA and not a public one. so, how can i get that ca cert? or atleast how can i disable the ssl cert validation?

0 Karma

ctxrag
Explorer

I did paste the root and intermediate and still no luck. same error. I even started the pycharm and ie and command prompts again. Also, added the certs to IE Store.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.