Getting the following error:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1045)
I'm using self-signed certificates between many servers, and now need to integrate Python into the system, but I'm unable to verify the self-signed certificates.
The code I'm using:
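```python
import ssl
import urllib.request

# Trust the server's certificate and present our own cert/key for two-way TLS.
ctx = ssl.create_default_context()
ctx.load_verify_locations("/var/certs.crt")
ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_REQUIRED  # require and verify the server certificate
resp = urllib.request.urlopen(url_string, context=ctx)
```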
/var/certs.crt contains the certificate of the specific server I'm starting an SSL connection with.
cert_path & key_path are my own cert and private key to establish 2-way SSL.
Things I've checked:
1. I can see my certs being loaded after load_cert_chain in context.get_ca_certs()
2. I tried context.verify_flags |= 0x80000, but it didn't work.
If ctx.verify_mode = False, then I'm able to connect properly, but it will not be secure.
Since the best existing answer on StackOverflow is to use ctx.verify = False, and that's not the way, I'm hoping this time to find someone who actually fixed it.
Thanks
After checking in Wireshark I saw that Python was throwing the wrong error. The problem wasn't with the self certificate but was "Certificate Unknown", and the SSL handshake failed.
So it can be done with ssl.CERT_REQUIRED
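The post ends up comparing Python's exception text with the alert seen on the wire. As an added example (not code from the post), the sketch below keeps verification on and reports whether the local trust store rejected the server's chain or the peer sent a TLS alert. The helper names `build_client_context`, `classify_tls_failure` and `probe` are hypothetical, and the file paths are whatever the caller supplies.

```python
import ssl
import urllib.error
import urllib.request


def build_client_context(ca_file, cert_file, key_file):
    """Client context for two-way TLS that trusts only the CAs in ca_file."""
    # create_default_context() already sets verify_mode=CERT_REQUIRED and
    # check_hostname=True; passing cafile skips the system trust store.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def classify_tls_failure(exc):
    """Return (side, detail): which end of the handshake rejected a certificate."""
    if isinstance(exc, urllib.error.URLError):
        exc = exc.reason  # urlopen wraps the underlying ssl.SSLError
    if isinstance(exc, ssl.SSLCertVerificationError):
        # Raised locally: our trust store could not validate the server's chain.
        code = getattr(exc, "verify_code", None)
        msg = getattr(exc, "verify_message", "")
        return "local", f"verify_code={code}: {msg}"
    if isinstance(exc, ssl.SSLError):
        reason = getattr(exc, "reason", None) or ""
        if "_ALERT_" in reason:
            # The peer sent a TLS alert, e.g. it rejected our client certificate.
            return "peer", reason
        return "other", reason or str(exc)
    return "not-tls", repr(exc)


def probe(url, ctx):
    """Open url with ctx and report which side failed certificate validation, if any."""
    try:
        with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
            return "ok", str(resp.status)
    except (urllib.error.URLError, ssl.SSLError) as exc:
        return classify_tls_failure(exc)
```

A `"local"` result points at the file given to `load_verify_locations` (it must contain the root that signed the server's chain), while a `"peer"` result points at the client certificate or the server's own trust store.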