MISP / MISP-Taxii-Server

An OpenTAXII Configuration for MISP
BSD 3-Clause "New" or "Revised" License

SSL: Certificate_Verify_Failed error #5

Closed MrRedPushTRedButton closed 7 years ago

MrRedPushTRedButton commented 7 years ago

Once I created the variable and tried to run opentaxii-create-services -c config/services.yaml - I received this:

root@ubuntu:/var/www/MISP/MISP-Taxii-Server/config# opentaxii-create-services -c services.yaml
2017-05-12T17:24:19.481792Z [opentaxii.utils] info: api.initialized {level=info, api=opentaxii.persistence.sqldb.SQLDatabaseAPI, event=api.initialized, logger=opentaxii.utils, timestamp=2017-05-12T17:24:19.481792Z}
2017-05-12T17:24:19.516831Z [opentaxii.utils] info: api.initialized {level=info, api=opentaxii.auth.sqldb.SQLDatabaseAPI, event=api.initialized, logger=opentaxii.utils, timestamp=2017-05-12T17:24:19.516831Z}
Using config from /var/www/MISP/MISP-Taxii-Server/config/config.yaml
Starting new HTTPS connection (1): 10.20.10.18
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 560, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 787, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 252, in connect
    ssl_version=resolved_sslversion)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 305, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 752, in init
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/pymisp-2.4.71-py3.5.egg/pymisp/api.py", line 112, in init
    response = self.get_recommended_api_version()
  File "/usr/local/lib/python3.5/dist-packages/pymisp-2.4.71-py3.5.egg/pymisp/api.py", line 1074, in get_recommended_api_version
    response = session.get(url)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 480, in get
    return self.request('GET', url, kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/opentaxii-create-services", line 9, in
    load_entry_point('opentaxii==0.1.9a1', 'console_scripts', 'opentaxii-create-services')()
  File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 542, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2569, in load_entry_point
    return ep.load()
  File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2229, in load
    return self.resolve()
  File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2235, in resolve
    module = import(self.module_name, fromlist=['name'], level=0)
  File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.9a1-py3.5.egg/opentaxii/cli/init.py", line 10, in
    server = TAXIIServer(config)
  File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.9a1-py3.5.egg/opentaxii/server.py", line 45, in init
    importlib.import_module(signal_hooks)
  File "/usr/lib/python3.5/importlib/init.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 986, in _gcd_import
  File "", line 969, in _find_and_load
  File "", line 958, in _find_and_load_unlocked
  File "", line 664, in _load_unlocked
  File "", line 634, in _load_backward_compatible
  File "/usr/local/lib/python3.5/dist-packages/misp_taxii_hooks-0.2-py3.5.egg/misp_taxii_hooks/hooks.py", line 42, in
  File "/usr/local/lib/python3.5/dist-packages/pymisp-2.4.71-py3.5.egg/pymisp/api.py", line 124, in init
    raise PyMISPError('Unable to connect to MISP ({}). Please make sure the API key and the URL are correct (http/https is required): {}'.format(self.root_url, e))
pymisp.exceptions.PyMISPError: Unable to connect to MISP (https://10.20.10.18). Please make sure the API key and the URL are correct (http/https is required): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

I checked, my cert is valid and has not expired.

PyMISP setup:
misp_verifycert = "False":
my misp_key = the key received from the automation section of my MISP server
misp_url = the url of my MISP server

Tested this: python3 last -l 10m works properly to pull in the information

The misp key and url were also added in at the bottom of the config.yaml file.

I am not sure where I could be going wrong. I have been researching why this can be happening for quite a few days now, but have had no luck.

FloatingGhost commented 7 years ago

Pushed a fix.

Pull, then modify your config.yaml to have

misp:
    url: something
    api: something
    verifySSL: False

MrRedPushTRedButton commented 7 years ago

I have performed the pull and added the "verifySSL: False" into my config.yaml file.

The issue is still present.

FloatingGhost commented 7 years ago

Then I cannot do anything.

If you're passing the SSL ignore to PyMISP, the issue does not lie with this server.

Closing.

FloatingGhost commented 7 years ago

I will add: you did re-install, right?

MrRedPushTRedButton commented 7 years ago

Yes, I did a re-install. It still comes up with the same error. I believe somewhere within Python, it is still looking to verify the SSL certificate. I will have to do some digging. Thanks again.

Danko90 commented 7 years ago

@MrRedPushTRedButton did you add the certificate in /usr/local/lib/python3.4/dist-packages/requests/cacert.pem ? Python doesn't check for it in /usr/share/ca-certificates

Danko90 commented 7 years ago

@FloatingGhost,

MISP = pymisp.PyMISP(
    CONFIG["misp"]["url"],
    CONFIG["misp"]["api"],
    ssl = config["misp"].get("verifySSL", True)
)

By pulling the new changes I got an error because of the variable config. I changed it to CONFIG and it works; shouldn't it be in upper-case?
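
An added example, not part of the thread or of the MISP-Taxii-Server code: rather than switching verification off, the `verifySSL` entry can carry the path of a CA bundle, which PyMISP's `ssl` argument passes through to requests. The helper `resolve_verify`, the sample configs, the `misp.example` URL and the placeholder bundle file are all constructed for illustration.

```python
import os
import tempfile

# A non-empty string is truthy, and requests treats a string `verify` value as
# a CA bundle path, so a quoted "False" does not switch verification off.
_BOOLISH = {"true", "false", "yes", "no", "on", "off", "0", "1"}


def resolve_verify(misp_cfg):
    """Map `verifySSL` from the `misp:` config block to a value for PyMISP's
    `ssl` argument: True, False, or the path of a CA bundle."""
    value = misp_cfg.get("verifySSL", True)  # verify unless told otherwise
    if isinstance(value, bool):
        return value
    if not isinstance(value, str):
        raise ValueError("verifySSL must be a boolean or a CA bundle path")
    if value.strip().lower() in _BOOLISH:
        raise ValueError("verifySSL is the string %r, not a boolean" % value)
    path = os.path.expanduser(value)
    if not os.path.isfile(path):
        raise ValueError("CA bundle not found: %s" % path)
    with open(path, errors="replace") as fh:
        if "-----BEGIN CERTIFICATE-----" not in fh.read():
            raise ValueError("no PEM certificate in %s" % path)
    return path


def demo():
    """Resolve four constructed configs; errors are reported, not raised."""
    base = {"url": "https://misp.example", "api": "PLACEHOLDER"}
    with tempfile.TemporaryDirectory() as tmp:
        bundle = os.path.join(tmp, "misp-ca.pem")  # constructed stand-in file
        with open(bundle, "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\n(placeholder)\n")
        outcomes = []
        for extra in ({}, {"verifySSL": False}, {"verifySSL": "False"},
                      {"verifySSL": bundle}):
            try:
                result = resolve_verify(dict(base, **extra))
            except ValueError as exc:
                result = "rejected: %s" % exc
            # the temporary path differs per run, so report its basename
            outcomes.append("misp-ca.pem" if result == bundle else result)
    return outcomes


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The value returned by `resolve_verify(CONFIG["misp"])` is what would be passed as `ssl=` in the `pymisp.PyMISP(...)` call quoted above.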

shadowbq commented 6 years ago

Can we add this to the instructions/README?

FloatingGhost commented 6 years ago

I'm gonna go with no

I don't want to support people defaulting to no SSL verification because it's stupid on multiple levels, so I won't give them the instructions to do so