nickovs / unificontrol

A high-level Python interface to the Unifi controller software
Apache License 2.0
96 stars 41 forks

Wildcard SSL on controller #36

Open chris-notley opened 1 year ago

chris-notley commented 1 year ago

I'm trying to connect to a (docker) controller using the library but getting stuck at the first hurdle.

I have a wildcard cert installed on the controller, which presents no issues when connecting via a web browser (GlobalSign root, AlphaSSL issuing server), but I receive the SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")) when trying to use the library.

I saw a closed issue fixed by running pip install pip_system_certs, which made no difference.

I ran the following test to eliminate the library:

import requests

# Plain requests against the controller, with default certificate verification
response = requests.get("https://unifi-fqdn:8443/")
print(response)

<Response [200]>

I then added a temporary entry of unifi.local in my /etc/hosts file pointing at the same IP as above, which unsurprisingly results in an error:

requests.exceptions.SSLError: HTTPSConnectionPool(host='unifi.local', port=8443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'unifi.local'. (_ssl.c:1131)")))

So it suggests to me that Python requests at least is able to validate the controller SSL cert, but it's failing with the library.

I wondered whether the problem is caused by me using a wildcard certificate. I would appreciate it if anyone could confirm they are using a wildcard cert successfully with the unificontrol library?

chris-notley commented 1 year ago

I thought I found the problem: a post on Stack Overflow suggested there might be a problem with the certificate chain, and looking at the Java keystore explorer, I could see that the keystore file (I'd previously copied across to the unifi controller) only had the cert and the intermediate cert authority, not the root CA.

I've since re-created the keystore including the full certificate chain and copied it across, but I still get the same SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")) error.
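Two details in the thread are worth separating before blaming the wildcard. First, the two error messages come from different TLS stacks: "[SSL: CERTIFICATE_VERIFY_FAILED] ... (_ssl.c:1131)" is the standard-library ssl module, while "bad handshake: Error([('SSL routines', ...)])" is the wording urllib3's pyOpenSSL backend raises, so the plain requests test and the library run were not necessarily verifying against the same trust store. Second, a TLS server is expected to send the leaf plus its intermediates; the root is not needed in the served chain, because the client looks the root up in its own trust store, so adding the root to the controller keystore does not change what a client with an incomplete bundle can verify. The diagnostic below is an added example for both comments above, not code from this thread or from unificontrol. It uses only the standard library (certifi is consulted if installed), reports which CA bundles the running interpreter could be using, maps OpenSSL's verify code to the likely cause (chain building versus hostname), checks a wildcard SAN against a hostname under the rules Python's default context applies, and on failure fetches the leaf certificate unverified so its SAN list can be read. The host name "unifi-fqdn", port 8443, and all function names are placeholders and assumptions.

```python
"""Diagnostic added for the verification failure in this thread.
Not part of unificontrol; standard library only, certifi consulted if installed.
The host, port and CA file used below are placeholders the reader supplies."""
import os
import socket
import ssl
from typing import Optional

# OpenSSL X509_V_ERR_* codes behind most "certificate verify failed" reports,
# with what each one means for the problem in this thread.
VERIFY_HINTS = {
    2: "issuer cert not found: the server sent the leaf but not its intermediate",
    10: "certificate has expired",
    18: "self-signed leaf: not in the client trust store",
    19: "self-signed cert in chain: the chain's root is not in the client trust store",
    20: "issuer cert not available locally: the root CA is missing from the bundle in use",
    21: "cannot verify leaf signature: no intermediate, client cannot build the chain",
    62: "hostname mismatch: no SAN entry covers the name being connected to",
}


def explain_verify_code(code: Optional[int], message: str) -> str:
    """Turn an OpenSSL verify code into a one-line hint."""
    hint = VERIFY_HINTS.get(code, "look up this X509_V_ERR code in the OpenSSL docs")
    return f"verify_code={code} ({message}): {hint}"


def explain_verify_error(exc: ssl.SSLCertVerificationError) -> str:
    # Python >= 3.7 attaches verify_code / verify_message to the exception.
    return explain_verify_code(getattr(exc, "verify_code", None),
                               getattr(exc, "verify_message", str(exc)))


def san_matches(pattern: str, hostname: str) -> bool:
    """Does one DNS SAN entry cover hostname, under the rules OpenSSL applies
    for Python's default context: a wildcard must be the entire leftmost label,
    matches exactly one label, and must be followed by at least two labels."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if p[0] != "*":
        return p == h  # partial wildcards like w*.example.com are not honoured
    if len(p) < 3 or any("*" in label for label in p[1:]):
        return False
    return len(h) == len(p) and h[0] != "" and h[1:] == p[1:]


def cert_covers(cert: dict, hostname: str) -> bool:
    """cert is the dict ssl.SSLSocket.getpeercert() returns; only SAN DNS entries count."""
    return any(kind == "DNS" and san_matches(name, hostname)
               for kind, name in cert.get("subjectAltName", ()))


def trust_stores() -> dict:
    """Which CA bundles this interpreter could be consulting."""
    paths = ssl.get_default_verify_paths()
    stores = {
        "openssl_cafile": paths.cafile,
        "openssl_capath": paths.capath,
        "SSL_CERT_FILE": os.environ.get("SSL_CERT_FILE"),
        "REQUESTS_CA_BUNDLE": os.environ.get("REQUESTS_CA_BUNDLE"),
    }
    try:
        import certifi  # the bundle requests verifies against unless told otherwise
        stores["certifi"] = certifi.where()
    except ImportError:
        stores["certifi"] = None
    return stores


def diagnose(host: str, port: int = 8443, cafile: Optional[str] = None) -> dict:
    """Verify against the chosen bundle; on failure, report the OpenSSL reason
    and fetch the leaf certificate unverified so its SAN list can be inspected."""
    result = {"trust_stores": trust_stores(), "cafile": cafile}
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result.update(verified=True, covers_host=cert_covers(cert, host))
                return result
    except ssl.SSLCertVerificationError as exc:
        result.update(verified=False, reason=explain_verify_error(exc))
    # Second pass with verification off, only to see what the server presents.
    peek = ssl.create_default_context()
    peek.check_hostname = False
    peek.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as sock:
        with peek.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)  # parsed form is empty under CERT_NONE
            result["leaf_pem"] = ssl.DER_cert_to_PEM_cert(der)  # feed to: openssl x509 -noout -text
    return result


if __name__ == "__main__":
    import json
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "unifi-fqdn"  # placeholder from the thread
    print(json.dumps(diagnose(host), indent=2, default=str))
```

Run it once from the environment where plain requests succeeds and once from the one where the library fails, and compare the trust_stores output and the verify_code: codes 2, 20 or 21 point at chain building (missing intermediate on the server, or missing root in the bundle that process actually uses), while 62 is a genuine hostname problem, which a correctly issued wildcard such as *.example.com covering unifi.example.com will not produce.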