cancel
Showing results for 
Search instead for 
Did you mean: 

We're looking into an issue with broken attachments right now. Please stay tuned!

SSL Certificate Invalid - Python API

cj
Blue LED
 
 
 
Hi,
The error as it says is because it cannot validate certificates. Setting ssl_verify =False, works but it throws InsecureConnectionWarning. I would like to use default ssl_verify=True. We have an on-prem installation of DataRobot, so my question is where or who can provide me certificates within my org or what do I ask them for(DataRobot server admin)? IF I have the certificates, how I pass them to the above data robot client implementation?
dr.Client(
token=config('DR_TOKEN'),
endpoint=config('DR_API_ENDPOINT'),
ssl_verify=True, # https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
user_agent_suffix='API_AUTOMA_PY'
)
requests.exceptions.SSLError: HTTPSConnectionPool(host='XXXXX.com', port=443): Max retries exceeded with url: /api/v2/version/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125)')))


Any help is appreciated.

I hope that helps
 
 
 
 
 
1 Reply
kmaheshwari
DataRobot Employee
DataRobot Employee

Whenever client (in our case Python libraries) tries to connect to a remote system over SSL, client try to verify the authenticity of the remote server / website. By default, Client system connect to the certified authority (CA) to verify remote server certificate validity.

Company sometime uses Self signed certificates OR Company own signed certificates for SSL verification. It depends upon company policy as well to choose type of certificate (CA / Self signed / Company signed etc...). Since these certificates are not signed by CA authority, client tool complain about the SSL verification failure.

The message you are receiving generally indicates that the remote server does not have CA signed certificate.

Scenario described above is generally applicable for any client / server architecture, irrespective of any product OR tool. 

"ssl_verify=True" is an option for user to tell Python, that the user trust the remote server and it is not required to validate the certificate with CA Trust store. 

Now to answer your query, I can see following option:

First option is that the remote sever (DataRobot in this case) need to use CA signed certificate. For this, you will need to connect with DataRobot Admin, and they will have to in turn help you according to your company policy.

Second option is to import the self signed certificate OR company signed certificate in your system trust store. Local IT team may be able to help with this, however you will be still using the same SSL behind the screen.