We Keep Coding

SSLError in python application, after certificate update

As part of updating the SSL/TLS certificate of the web server deployed in the Kubernetes(which the current one will expire soon), I updated the Kubernetes secret (kubernetes.io/tls) with the new crt and key.
After that, the application works fine in the browser.
But, the API calls to the server, (From some python applications running in some pods) are hitting some SSLError.
The same will work if I restore the old certificate for the server.
The error is:
requests.exceptions.SSLError: HTTPSConnectionPool(host='hostname',
port=443): Max retries exceeded with url: URL(Caused by
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate
(_ssl.c:1131)')))
I tried to resolve this by creating the crt and key in different ways from the pfx file.
But the issue remains.
I did some search on - if anything to update in the Kubernetes cluster as part of the certificate change and I couldn't find a solution.
Any help will be greatly appreciated.

The issue was, the certificate I installed was without the intermediate certificate. The browsers may "fill in the gap" by searching for the missing certificate. Re-install the certificate with the complete chain resolved the issue

SSLError(SSLCertVerificationError) when presenting client side cert and key

I have a website that is hosted behind company's network. You could only connect to it using the client.crt and client.key. This client.crt is signed by a self signed ca.crt which is referenced in the apache config file.
I installed the server certificate (servercrt.crt) on my machine and can make a curl request with no issues:
curl https://my_url.com:53234 --cert path/to/client.crt --key path/to/client.key
I also imported the client.crt in the browser. When navigate to the url the browser asks to select the client certificate. Once selected the right client certificate, it opens up the page without issues.
However, I have problems with python. When I try to connect using python:
import requests
clientcertfile = './client.crt'
clientcertkeyfile = './client.key'
servercert = './servercert.pem'
requests.get(url='https://my_url.com:53234, cert= (clientcertfile, clientcertkeyfile), verify = servercert)
I get the following error:
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')
But, I can connect to this url when set the verify=False which I don't want. The requests package just displays a warning that its better not to set the verify=False option.
I have looked at here, here and here but no joy.
Any ideas?

Apparently, I was using the wrong ca.crt for the server. Once I replaced it with the right certificate. It fixed the issue.
#Steffen's comment helped solved the issue.

How to disable SSL certificate verification in Twine?

When I tried to push a new package to my company's artifactory :
python -m twine upload --repository-url https:///artifactory/api/pypi/gdp_pypi dist/*
I got an error on SSL.
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:841)
Any way to disable the SSL verification?

I just tried the solution by another post:
Disable Python requests SSL validation for an imported module
Simply setting environment variable CURL_CA_BUNDLE to an empty string did the job!
$ export CURL_CA_BUNDLE=""

Disable SSL Certificate verification in Python Google Sheet quickstart

I was going through a Google tutorial to connect Google Sheets with python here. I am running this piece of code behind a corporate proxy, therefore the certificates received are already replaced by the proxy server.
I have created token.pickle file on a non-proxy machine and transferred it here. I get certificate verification failure at this line of the code given in the guide:
service = build('sheets', 'v4', credentials=creds)
The error that comes up is:
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)
I dig out into the build method here. Upon searching through the source codes, I found out that creds and http object as parameters to this method are mutually exclusive, I.e. when I pass creds object, I can't pass a http object to this function.
If I could pass a httplib2.http object, I would have set it to disable SSL verification. But now with this wrapper around, I cannot find any way out to specify this.
I tried the following two hacks also:
Creating a unverified context:
ssl._create_default_https_context = ssl._create_unverified_context
Setting PYTHONHTTPSVERIFY=0 as a env variable
But none of them works.
I have my corporate proxy certificate installed in my ca-bundle, and the .cer file too.

svn: E230001: Server SSL certificate verification failed: issuer is not trusted

I am using the svnX Version 2.0 (2.0.017068) and I can't connect. We already have a certificate for it, but it is giving me these errors:
svn: E170013: Unable to connect to a repository at URL 'https://svn.sample.com/svn/web'
svn: E230001: Server SSL certificate verification failed: issuer is not trusted

It suddenly happened to me today. I followed the steps from Rick: https://community.smartbear.com/t5/Collaborator/Server-SSL-Certificate-verification-failed-issues-is-not-trusted/td-p/96838
Please try running an "svn ls" or something similar from inside your working/checkout directory. You should be prompted to accept the certificate, make sure that you accept it permanently.
I did an svn update on the working directory.
Automatically, it asked me to accept the certificate.
Just accept it.