
SSL Certificate Invalid - Python API

Hi,
The error, as it says, is because it cannot validate certificates. Setting ssl_verify=False works, but it throws InsecureConnectionWarning. I would like to use the default ssl_verify=True. We have an on-prem installation of DataRobot, so my question is: where or who can provide me certificates within my org, or what do I ask them for (DataRobot server admin)? If I have the certificates, how do I pass them to the above DataRobot client implementation?

    import datarobot as dr

    # config() is the poster's own settings helper; its import was not shown
    dr.Client(
        token=config('DR_TOKEN'),
        endpoint=config('DR_API_ENDPOINT'),
        ssl_verify=True,  # https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
        user_agent_suffix='API_AUTOMA_PY'
    )

requests.exceptions.SSLError: HTTPSConnectionPool(host='XXXXX.com', port=443): Max retries exceeded with url: /api/v2/version/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125)')))


Any help is appreciated.

I hope that helps
 
1 Solution

Accepted Solutions

Whenever a client (in our case, the Python libraries) tries to connect to a remote system over SSL, the client tries to verify the authenticity of the remote server / website. By default, the client system connects to the certified authority (CA) to verify the remote server certificate's validity.

Companies sometimes use self-signed certificates or the company's own signed certificates for SSL verification. It also depends on company policy which type of certificate is chosen (CA / self-signed / company-signed, etc.). Since these certificates are not signed by a CA authority, the client tool complains about the SSL verification failure.

The message you are receiving generally indicates that the remote server does not have a CA-signed certificate.

The scenario described above generally applies to any client / server architecture, irrespective of product or tool.

"ssl_verify=True" is an option for the user to tell Python that the user trusts the remote server and that it is not required to validate the certificate against the CA trust store.

Now, to answer your query, I can see the following options:

The first option is that the remote server (DataRobot in this case) needs to use a CA-signed certificate. For this, you will need to connect with the DataRobot admin, and they will in turn have to help you according to your company policy.

The second option is to import the self-signed certificate or company-signed certificate into your system trust store. Your local IT team may be able to help with this; however, you will still be using the same SSL behind the scenes.
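
One way to apply the second option from Python while keeping verification on, added here as an example (it is not code from the original posts or from DataRobot): check the CA file you were given, then hand its path to the client. It assumes dr.Client's ssl_verify accepts a path to a PEM CA bundle, as the verify setting of the underlying requests library does; count_ca_certs, resolve_ssl_verify and make_client are hypothetical helper names.

```python
import base64
import os
import re
from pathlib import Path

# Matches any PEM block and captures its label (CERTIFICATE, RSA PRIVATE KEY, ...).
_PEM = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def count_ca_certs(pem_text):
    """Return the number of certificates in a PEM bundle; reject unusable or unsafe content."""
    count = 0
    for label, body in _PEM.findall(pem_text):
        if "PRIVATE KEY" in label:
            # A trust bundle holds public certificates only.
            raise ValueError("bundle contains a private key; ask for the CA certificate only")
        if label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()))
            if not der.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
                raise ValueError("CERTIFICATE block is not DER-encoded X.509")
            count += 1
    if count == 0:
        raise ValueError("no PEM certificates found (DER/.cer files must be converted to PEM)")
    return count


def resolve_ssl_verify(explicit_path=None, env=os.environ):
    """Pick the value to pass as ssl_verify: a checked CA bundle path, else True. Never False."""
    for candidate in (explicit_path, env.get("REQUESTS_CA_BUNDLE"), env.get("CURL_CA_BUNDLE")):
        if candidate:
            text = Path(candidate).read_text(encoding="utf-8", errors="replace")
            count_ca_certs(text)  # raises if the file is not a usable trust bundle
            return str(Path(candidate))
    return True  # no company bundle configured: use the default trust store


def make_client(token, endpoint, ca_bundle=None):
    """Build the client with verification on, trusting the company CA bundle if one is given."""
    import datarobot as dr  # imported here so the checks above run without the package

    # Assumption: ssl_verify takes a CA bundle path, like requests' verify setting.
    return dr.Client(token=token, endpoint=endpoint,
                     ssl_verify=resolve_ssl_verify(ca_bundle))
```

The file to ask the server admin or PKI team for is the root (and any intermediate) CA certificate in PEM format, not the server's private key.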
