nickovs / unificontrol

A high-level Python interface to the Unifi controller software
Apache License 2.0

SSL Verification Errors #34

Closed weswitt closed 1 year ago

weswitt commented 1 year ago

I'm trying to get a basic script working that just does a connection. Problem is that it does not like my SSL cert on my UDM. It claims that the cert has expired and will not connect. This does not seem to be true. I can view the cert in the browser or print & decode the cert from the script and see the following.

How can I make this work?

Certificate Information:

```
Common Name: unifi.local
Subject Alternative Names: unifi.local, localhost, [::1], IP Address:127.0.0.1, IP Address:FE80:0:0:0:0:0:0:1
Valid From: September 13, 2022
Valid To: December 16, 2024
Serial Number: 77bfabe473a0d81532
```

My code:

```python
import unificontrol

client = unificontrol.UnifiClient(host="192.168.10.1", username="myusername", password="my password", site="default")
```

The error I'm getting is:

```
Traceback (most recent call last):
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connection.py", line 414, in connect
    self.sock = ssl_wrap_socket(
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\util\ssl_.py", line 453, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\util\ssl_.py", line 495, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock)
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 1040, in _create
    self.do_handshake()
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1122)
```

During handling of the above exception, another exception occurred:

```
Traceback (most recent call last):
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\adapters.py", line 489, in send
    resp = conn.urlopen(
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\util\retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='192.168.10.1', port=8443): Max retries exceeded with url: /api/s/default/stat/guest (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1122)')))
```

During handling of the above exception, another exception occurred:

```
Traceback (most recent call last):
  File "D:\dev\src\tools\unifi\test.py", line 10, in <module>
    clients = client.list_guests(within=24)
  File "d:\src\unificontrol\unificontrol\metaprogram.py", line 125, in wrapper
    return instance(client, *a, **kw)
  File "d:\src\unificontrol\unificontrol\metaprogram.py", line 103, in __call__
    return client._execute(url, self._method, rest_dict, need_login=self._need_login)
  File "d:\src\unificontrol\unificontrol\unifi.py", line 96, in _execute
    resp = ses.send(ses.prepare_request(request))
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\wesw\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\adapters.py", line 563, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.10.1', port=8443): Max retries exceeded with url: /api/s/default/stat/guest (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1122)')))
```

weswitt commented 1 year ago

Well, I just discovered that the error message is in fact correct (of course). The cert has expired. I didn't realize that the UDM uses a different cert for port 443 and 8443. So I need to figure out how to renew the 8443 port cert. I tried adding "verify=False" to the "resp = ses.send(ses.prepare_request(request))" line of code, but it has no effect. Anyone know how to renew this cert?

weswitt commented 1 year ago

OK, I installed my site's wildcard cert for my domain. Now when I navigate to the web management UI, the browser knows that the site is secure and all is well. However, when I try to connect with unificontrol I get the exception: "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain". I know that the cert is NOT self-signed. The cert is a wildcard cert purchased from a CA and is valid.

weswitt commented 1 year ago

This appears to be an issue with Python. I found that using "pip install pip_system_certs" resolves the issue.
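
Added example, not part of the thread and not unificontrol code: a standard-library probe that performs a fully verified handshake against each port, once with the OS trust store and once with certifi's bundle (the one requests uses by default), and reports which check fails. The address and name in the `__main__` block are taken from the first post; `probe`, `explain`, `days_left` and `trust_stores` are names chosen for this sketch.

```python
import socket
import ssl
import time

try:
    import certifi  # CA bundle that requests uses by default
except ImportError:
    certifi = None

# OpenSSL X509 verify codes: 10 and 19 are the two failures quoted in the thread.
VERIFY_CODES = {
    10: "certificate expired: renew the certificate served on this port",
    19: "root not in this trust store: add the issuing CA or use another store",
    20: "issuer not found: missing intermediate or unknown CA",
    62: "hostname mismatch: connect by a name the certificate lists",
}

def explain(code):
    return VERIFY_CODES.get(code, f"unclassified verify code {code}")

def days_left(not_after, now=None):
    """Days until a getpeercert() notAfter string; negative once expired."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def trust_stores():
    """Verifying contexts: the OS store, and certifi's bundle when installed."""
    stores = {"system": ssl.create_default_context()}
    if certifi is not None:
        stores["certifi"] = ssl.create_default_context(cafile=certifi.where())
    return stores

def probe(addr, port, name, context, timeout=5.0):
    """Handshake with full verification; report the result instead of raising."""
    try:
        with socket.create_connection((addr, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=name) as tls:
                left = days_left(tls.getpeercert()["notAfter"])
                return {"ok": True, "detail": f"valid, {left} days left"}
    except ssl.SSLCertVerificationError as exc:  # subclass of OSError: catch first
        return {"ok": False, "code": exc.verify_code, "detail": explain(exc.verify_code)}
    except OSError as exc:
        return {"ok": False, "code": None, "detail": f"no TLS session: {exc}"}

if __name__ == "__main__":
    # Address and name come from the post; the port list covers both listeners.
    for port in (443, 8443):
        for store, ctx in trust_stores().items():
            print(port, store, probe("192.168.10.1", port, "unifi.local", ctx))
```

A port that fails under one store but passes under the other points at the trust store rather than the certificate; a port that fails with code 10 under both points at the certificate itself.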