Home / ubuntu / Questions / 391977
In Process
sorin
Asked: 2013-12-18 01:26:39 +0800 CST

How to get a SSL certificate to be verified in Python?

  • 772

I've got an inexpensive certificate from EssentialSSL (Comodo is the CA) and I was surprised to discover that Python didn't recognize it.

requests.exceptions.SSLError: [Errno 1] _ssl.c:509: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The certificate seems to be properly recognized by all major browsers, still Python does not validate it.

If possible I would prefer a simple install solution like the one of installing a package or a script.

I was a little bit surprised not to see Comodo in the default list of recognized CA certs, all major (5) browsers accept it but not Ubuntu wget/python/... (openssl i guess is the cause).

python

1 Answers

  1. Use the Debian package ca-certificates which will incorporate (beside others) all CA certificates which Mozilla Firefox/Thunderbird/etc. uses.

    You can use the certificate file (all certificates in one, PEM formatted) in Python as follows:

    ssl_sock = ssl.wrap_socket(sock,  
                           ca_certs="/etc/ssl/certs/ca-certificates.crt",  
                           cert_reqs=ssl.CERT_REQUIRED  
                          )
    • 2