SSL error with python

Question

I am trying to log into my university web portal with this code:

        import requests

        with requests.Session() as c:
            url = 'https://myunihub.mdx.ac.uk/'
            usern = 'USERNAME'
            passw = 'PASSWORD'
            c.get(url)
            csrftoken = c.cookies['csrftoken']
            login_data = dict(csrfmiddlewaretoken=csrftoken, username=usern, password=passw)
            c.post(url, data=login_data, headers={'Referer': 'https://myunihub-1.mdx.ac.uk/cas-web/login?service=https%3A%2F%2Fmyunihub.mdx.ac.uk%2Fc%2Fportal%2Flogin'})
            page = c.get('https://myunihub.mdx.ac.uk/web/home-community', verify=False)
            print page.content

However this error comes up when I try:

raise SSLError(e, request=request) SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

Joe Young · Accepted Answer · 2015-10-05 20:46:19Z

Have you tried

c.get(url, verify=False)

From the documentation:

Requests can also ignore verifying the SSL certficate if you set verify to False.
>>> requests.get('https://kennethreitz.com', verify=False)
<Response [200]>
By default, verify is set to True.

Source: http://docs.python-requests.org/en/v1.0.4/user/advanced/#ssl-cert-verification

I suggested ignoring the cert because you're already doing that in this line of your code:

page = c.get('https://myunihub.mdx.ac.uk/web/home-community', verify=False)

However, if you do want to verify the cert, you can download the intermediate certificate of the certificate authority that issued the certificate to your school. In this case, it's http://crt.tcs.terena.org/TERENASSLCA.crt

(requestsssl)macbook:requestsssl joeyoung$ curl -O http://crt.tcs.terena.org/TERENASSLCA.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1180  100  1180    0     0   1940      0 --:--:-- --:--:-- --:--:--  1947
(requestsssl)macbook:requestsssl joeyoung$ ls -al
total 8
drwxr-xr-x   3 joeyoung  staff   102 Oct  5 22:22 .
drwxr-xr-x  66 joeyoung  staff  2244 Oct  5 22:21 ..
-rw-r--r--   1 joeyoung  staff  1180 Oct  5 22:22 TERENASSLCA.crt

Then you need to add the certificate to your CA BUNDLE. The process differs depending on the OS. Here is a good link for step-by-step guides for this: http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

I'm on OS X so I'll do the following:

(requestsssl)macbook:requestsssl joeyoung$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./TERENASSLCA.crt

With the cert installed, I can use verify=True with no problems:

(requestsssl)macbook:requestsssl joeyoung$ python
Python 2.7.10 (default, Jul 14 2015, 19:46:27) 
[GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.39)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> r = requests.get('https://myunihub-1.mdx.ac.uk', verify=True)
>>> r.text
u'\n<!DOCTYPE html>\n\n\n<html lang="en">\n    <head>\n        <title>Apache Tomcat/7.0.39</title>\n        <link href="favicon.ico" rel="icon" type="image/x-icon" />\n        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />\n        <link href="tomcat.css" rel="stylesheet" type="text/css" />\n    </head>\n\n    <body>\n        <div id="wrapper">\n            <div id="navigation" class="curved container">\n                <span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>\n                <span id="nav-hosts"><a href="/docs/">Documen
...

thanks for this answer mate, I was looking for a solution of this problem and yours has worked out perfectly!

Collectives™ on Stack Overflow

SSL error with python

1 Answer 1

1 Comment

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

1 Comment

Your Answer

Sign up or log in

Post as a guest

Related