We tried setting up PYAS2 in two different hosts. We used valid venafi generated certificates for both the hosts and configured private key and public certificate for the respective hosts, as mentioned in the documentation.
It gives me the below error stating 'self signed certificate in certificate chain'. Can you please let me know, why it gives this error even though we used venafi generated certs? Please find the detailed trace below.
Failed to send message, error:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 710, in urlopen
chunked=chunked,
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 386, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1040, in _validate_conn
conn.connect()
File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 424, in connect
tls_in_tls=tls_intls,
File "/usr/lib/python3.7/site-packages/urllib3/util/ssl.py", line 450, in ssl_wrap_socket
sock, context, tls_in_tls, server_hostname=serverhostname
File "/usr/lib/python3.7/site-packages/urllib3/util/ssl.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/lib/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 450, in send
timeout=timeout
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 786, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/usr/lib/python3.7/site-packages/urllib3/util/retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='HOST_DNS_HERE', port=443): Max retries exceeded with url: /pyas2/as2receive/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/pyas2/models.py", line 478, in send_message
verify=self.partner.https_verify_ssl,
File "/usr/lib/python3.7/site-packages/requests/api.py", line 117, in post
return request('post', url, data=data, json=json, kwargs)
File "/usr/lib/python3.7/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, kwargs)
File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 529, in request
resp = self.send(prep, send_kwargs)
File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 645, in send
r = adapter.send(request, kwargs)
File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='HOST_DNS_HERE', port=443): Max retries exceeded with url: /pyas2/as2receive/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))
We tried setting up PYAS2 in two different hosts. We used valid venafi generated certificates for both the hosts and configured private key and public certificate for the respective hosts, as mentioned in the documentation.
It gives me the below error stating 'self signed certificate in certificate chain'. Can you please let me know, why it gives this error even though we used venafi generated certs? Please find the detailed trace below.
Failed to send message, error: Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 710, in urlopen chunked=chunked, File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 386, in _make_request self._validate_conn(conn) File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1040, in _validate_conn conn.connect() File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 424, in connect tls_in_tls=tls_intls, File "/usr/lib/python3.7/site-packages/urllib3/util/ssl.py", line 450, in ssl_wrap_socket sock, context, tls_in_tls, server_hostname=serverhostname File "/usr/lib/python3.7/site-packages/urllib3/util/ssl.py", line 493, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket session=session File "/usr/lib/python3.7/ssl.py", line 870, in _create self.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake self._sslobj.do_handshake() ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 450, in send timeout=timeout File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 786, in urlopen method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2] File "/usr/lib/python3.7/site-packages/urllib3/util/retry.py", line 592, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='HOST_DNS_HERE', port=443): Max retries exceeded with url: /pyas2/as2receive/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/pyas2/models.py", line 478, in send_message verify=self.partner.https_verify_ssl, File "/usr/lib/python3.7/site-packages/requests/api.py", line 117, in post return request('post', url, data=data, json=json, kwargs) File "/usr/lib/python3.7/site-packages/requests/api.py", line 61, in request return session.request(method=method, url=url, kwargs) File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 529, in request resp = self.send(prep, send_kwargs) File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 645, in send r = adapter.send(request, kwargs) File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 517, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='HOST_DNS_HERE', port=443): Max retries exceeded with url: /pyas2/as2receive/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))