search

sassoftware / pyviyatools

Python command-line tools that call the SAS Viya REST APIs - for SAS administrators.
Apache License 2.0
39 stars 31 forks source link

Login failed due to an error with the security certificate. The certificate is signed by an unknown authority #153

Closed Juan4SAS closed 1 year ago

Juan4SAS commented 1 year ago

Hello,

I want to use the pyviyatools but I cannot.

I received above message when login with sas-viya CLI, however I could workaround it with using the -k or --insecure flags.

(I must note, it is not true the Viya site's certificate was signed by an unknown authority, GoDaddy is in fact a recognized CA, but let's leave that aside for now).

I notice that loginviaauthinfo.py has no flag to workaround that message.

Could you please provide an update that resolves it or provide a workaround for it?

Thank you in advance! Best regards, Juan

gerrynelson63 commented 1 year ago

Hi Juan,

I am sorry you are having problems.

It sounds like you cannot securely login with the sas-viya cli. If you can solve that problem then you will also be able to use the pyviyatool loginviaauthinfo.py.

Some things to check:

Do you have the SSL_CERT_FILE environment variable set? Do you know if it is pointing to the correct certificate file?

Try to do a logon with the --verbose option like this

sas-viya --verbose auth login -u youruser -p yourpw

If you still cannot log on I would recommend contacting Tech Support.

Please report back how you get on. We can also start to investigate providing the -k flag with the tools. Gerry

Juan4SAS commented 1 year ago

Hi Gerry,

Thank you very much. Of course, you are absolutely right, SS_CERT_FILE seems to resolve the issue for sas-viya auth login and for loginviaauthinfo.py.

However, as soon as I want to validate (validateviya.py --verbose), I still get SSL errors:

$ python3 validateviya.py --verbose Data Collection Test Started: Logged in User Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 485, in wrap_socket cnx.do_handshake() File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1915, in do_handshake self._raise_ssl_error(self._ssl, result) File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error _raise_current_error() File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue raise exception_type(errors) OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect self.sock = ssl_wrapsocket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 491, in wrap_socket raise ssl.SSLError("bad handshake: %r" % e) ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=' sasviya4poc1.xxxxx.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "validateviya.py", line 223, in result = callrestapi(request, "get", stoponerror=False) File "/mnt/e/Projects/xxxxxxxx/pyviyatools/sharedfunctions.py", line 110, in callrestapi oaval=getauthtoken(baseurl) File "/mnt/e/Projects/xxxxxxxxx/sas_tools_lnx/pyviyatools/sharedfunctions.py", line 318, in getauthtoken r = requests.get(baseurl,headers=head) File "/usr/lib/python3/dist-packages/requests/api.py", line 75, in get return request('get', url, params=params, kwargs) File "/usr/lib/python3/dist-packages/requests/api.py", line 60, in request return session.request(method=method, url=url, kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request resp = self.send(prep, send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send r = adapter.send(request, kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host=' sasviya4poc1.xxxx.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

Does it ring a bell? Thank you in advance! Best regards, Juan

El jue, 4 may 2023 a las 14:35, Gerry Nelson @.***>) escribió:

Hi Juan,

I am sorry you are having problems.

It sounds like you cannot securely login with the sas-viya cli. If you can solve that problem then you will also be able to use the pyviyatool loginviaauthinfo.py.

Some things to check:

Do you have the SSL_CERT_FILE environment variable set? Do you know if it is pointing to the correct certificate file?

Try to do a logon with the --verbose option like this

sas-viya --verbose auth login -u youruser -p yourpw

If you still cannot log on I would recommend contacting Tech Support.

Please report back how you get on. We can also start to investigate providing the -k flag with the tools. Gerry

— Reply to this email directly, view it on GitHub https://github.com/sassoftware/pyviyatools/issues/153#issuecomment-1534702045, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIRFLCFGZU6XUM4NPF5ABHDXEOPCPANCNFSM6AAAAAAXVSUEJI . You are receiving this because you authored the thread.Message ID: @.***>

gerrynelson63 commented 1 year ago

Hi Juan,

Glad you got your login working. I hope this will fix your next problem. For the requests module that pyviyatools uses, there is an additional environment variable to set. Set REQUESTS_CA_BUNDLE to the same value as SSL_CERT_FILE. For example:

export REQUESTS_CA_BUNDLE=${SSL_CERT_FILE}

Juan4SAS commented 1 year ago

Hi Gary,

thank you again. It is a pleasure to speak with you, you do know your stuff. It resolved the issue.

This triggered another error, but maybe I will open a different issue id, to keep the subject clear.