I am trying to create a little Python script to send data to a server using the requests module in Python. To make it a bit more secure i want to use self signed certificates made in a program called XCA. When using the certificates in the browser everything works and is secure. When using Postman to send a request with the certificates it works as well. But when i created the Python script it seems to not work or can’t get to the certificate.
I have tried to include the CA with the ‘Verify’ command as well as adding the certificates with the ‘cert’ command.
When using the ‘Verify’ command (as seen down below) with the CA i get the error message: Remote end closed connection without response'
This message seems to appear everytime i add the CA to this script somehow.
When i use the cert command i get this error message: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))
. I have searched for a sollution to this problem and it seemed that the CA should be include in the certifi ‘cacert.pem’ file. I have done this but then i also get the ‘Remote disconect’ message.
Code with ‘verify’:
import requests import json url = "https://ip/tapi" payload = json.dumps ({"command" : "GetUserList"}) headers = {'content-type': 'application/json', 'X-TAPI': '', 'Authorization': 'Basic ', 'connection': 'keep-alive'} r = requests.request("POST", url, headers=headers, data= payload, verify= 'Tbox_CA.crt') print(r.text)
Code with ‘cert’:
import requests import json cert_file_path = 'HTTPS_client.crt' key_file_path = 'HTTPS_client_key.pem' url = "https://ip/tapi" payload = json.dumps ({"command" : "GetUserList"}) headers = {'content-type': 'application/json', 'X-TAPI': '', 'Authorization': 'Basic ', 'connection': 'keep-alive'} cert = cert_file_path, key_file_path r = requests.request("POST", url, headers=headers, data= payload, cert=cert) print(r.text)
Advertisement
Answer
When using the ‘Verify’ command (as seen down below) with the CA i get the error message: Remote end closed connection without response’ This message seems to appear everytime i add the CA to this script somehow.
Which means that SSL works, the HTTP request was sent, but then the server closes the connection without sending a response. SSL is not the problem here and the certificate validation worked.
When i use the cert command i get this error message: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)’))).
The cert
argument is not useful here since it is about providing a client certificate if the server requests it. Only, your server does not request a client certificate so providing this argument is basically the same as not providing it. Since no useful CA is given the certificate validation works. Since SSL thus already failed it cannot even send the real HTTP request inside the SSL connection, i.e. the error you’ve received when giving a CA is just masked because this error comes earlier.
Why the request failed from Python but not from the browser or Postman is unknown. There might be some server side bot protection implemented, but this is just a guess since there is nothing known about the actual URL you access.