abhishek-ram / django-pyas2

AS2 file transfer Server built on Python and Django.
https://django-pyas2.readthedocs.io
GNU General Public License v3.0

Error stating self signed certificate in certificate chain for valid certs #73

Closed Arun-V-S closed 2 years ago

Arun-V-S commented 2 years ago

We tried setting up PYAS2 on two different hosts. We used valid Venafi-generated certificates for both hosts and configured the private key and public certificate for the respective hosts, as mentioned in the documentation.

It gives me the error below, stating 'self signed certificate in certificate chain'. Can you please let me know why it gives this error even though we used Venafi-generated certs? Please find the detailed trace below.

Failed to send message, error: Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 710, in urlopen
    chunked=chunked,
  File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1040, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 424, in connect
    tls_in_tls=tls_in_tls,
  File "/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
    sock, context, tls_in_tls, server_hostname=server_hostname
  File "/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 450, in send
    timeout=timeout
  File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 786, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/usr/lib/python3.7/site-packages/urllib3/util/retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='HOST_DNS_HERE', port=443): Max retries exceeded with url: /pyas2/as2receive/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/pyas2/models.py", line 478, in send_message
    verify=self.partner.https_verify_ssl,
  File "/usr/lib/python3.7/site-packages/requests/api.py", line 117, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/lib/python3.7/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 529, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 645, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='HOST_DNS_HERE', port=443): Max retries exceeded with url: /pyas2/as2receive/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))

Arun-V-S commented 2 years ago

@abhishek-ram ^^

abhishek-ram commented 2 years ago

The issue is not with the AS2 certificates but instead with the certificates configured on the HTTP server.

Arun-V-S commented 2 years ago

We resolved this issue by adding certificate chain to the trusted CA. Thanks.
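As an added example (not pyas2's or requests' code), the script below builds a constructed private root -> issuing CA -> server chain with openssl and reproduces both messages seen in this thread: "unable to get local issuer certificate" when the client trusts only the root and the server does not send its intermediate, and "self signed certificate in certificate chain" when the chain is complete but its root is not trusted, then shows verification passing once the whole chain is trusted, which is the fix the reporter applied. All subject names and hostnames are placeholders; the trace shows pyas2 handing https_verify_ssl straight to requests' verify argument, and requests reads its CA bundle from the REQUESTS_CA_BUNDLE environment variable when one is set.

```shell
#!/bin/sh
# Constructed demo, not pyas2 or requests code: a private root -> issuing CA -> AS2
# server chain, checked the way urllib3 checks the partner's HTTPS endpoint.
# Every subject name and hostname below is a placeholder.
set -eu

# make_test_pki DIR: write root.pem, inter.pem, server.pem and bundle.pem into DIR.
make_test_pki() {
  d="$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:as2.example.test\n' >"$d/srv.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Example Private Root' \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=Example Issuing CA' \
    -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=as2.example.test' \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -extfile "$d/srv.ext" -out "$d/server.pem" 2>/dev/null
  # The fix the reporter applied: trust the whole chain, not only the root.
  cat "$d/root.pem" "$d/inter.pem" >"$d/bundle.pem"
}

# verify_reason TRUSTED CERT [UNTRUSTED]: print OK, or openssl's failure reason.
# TRUSTED is a CA bundle; pass "" for no trust anchors. UNTRUSTED stands in for
# the intermediates a server sends in its TLS handshake.
verify_reason() {
  trusted="$1"; cert="$2"; untrusted="${3:-}"
  set -- -no-CAfile -no-CApath           # ignore the system store for a clean test
  [ -n "$trusted" ] && set -- "$@" -CAfile "$trusted"
  [ -n "$untrusted" ] && set -- "$@" -untrusted "$untrusted"
  if out="$(openssl verify "$@" "$cert" 2>&1)"; then
    echo OK
  else
    # e.g. "error 20 at 0 depth lookup: unable to get local issuer certificate"
    printf '%s\n' "$out" | sed -n 's/.*lookup: *//p' | head -n 1
  fi
}

WORK="$(mktemp -d)"
make_test_pki "$WORK"
echo "root trusted, no intermediate sent:  $(verify_reason "$WORK/root.pem" "$WORK/server.pem")"
echo "nothing trusted, full chain sent:    $(verify_reason "" "$WORK/server.pem" "$WORK/bundle.pem")"
echo "root trusted, intermediate sent:     $(verify_reason "$WORK/root.pem" "$WORK/server.pem" "$WORK/inter.pem")"
echo "root+intermediate bundle trusted:    $(verify_reason "$WORK/bundle.pem" "$WORK/server.pem")"
```

The first two cases are the two wordings this issue mentions; the last two show the two ways out of it, either the server sending its intermediate or the client trusting the complete chain (for example via a bundle file named in REQUESTS_CA_BUNDLE).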