urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

[rafaelri]

Hi all,

I am trying to use snxvpn and it is complaining about the VPN certificate (that I guess is self signed). I am wondering if there is any way I can bypass the certificate checking.

sslvpn/Login/Login
Traceback (most recent call last):
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/urllib/request.py", line 1318, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/http/client.py", line 1239, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/http/client.py", line 1285, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/http/client.py", line 1234, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/http/client.py", line 964, in send
    self.connect()
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/http/client.py", line 1400, in connect
    server_hostname=server_hostname)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/ssl.py", line 814, in __init__
    self.do_handshake()
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/ssl.py", line 1068, in do_handshake
    self._sslobj.do_handshake()
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/rafael/.pyenv/versions/3.6.5/bin/snxconnect", line 5, in <module>
    main ()
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/site-packages/snxconnect.py", line 522, in main
    result = rq.login ()
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/site-packages/snxconnect.py", line 171, in login
    self.open ()
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/site-packages/snxconnect.py", line 249, in open
    self.f = f = self.opener.open (rq, timeout = 10)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/urllib/request.py", line 1361, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/home/rafael/.pyenv/versions/3.6.5/lib/python3.6/urllib/request.py", line 1320, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)>

[rafaelri]

I tried both the environment variables mentioned on https://stackoverflow.com/questions/30405867/how-to-get-python-requests-to-trust-a-self-signed-ssl-certificate as the ones mentioned on https://superuser.com/questions/54615/how-to-install-a-ca-key-self-signed-ssl-on-ubuntu (copying to /etc/ssl/certs and running c_rehash) but none of them worked.

[vincenzocaselli]

Hi, similar error here. I am using Ubuntu 18.04 and followed instructions for installing snxconnect, but regarding the following dependencies, referred in the instructions:

• Beautiful Soup version 4 (python-bs4 Debian package)
• pycrypto (python-crypto Debian package)

I had to do:

• pip install bs4
• pip install crypto

then I can do snxconnect --help but when I try to connect, with the following command

sudo snxconnect -H [host-ip] -U [user] -F [p12-certificate-path]

I get this error:

Traceback (most recent call last): File "/usr/local/bin/snxconnect", line 4, in import('pkg_resources').run_script('snxvpn==0.0.0', 'snxconnect') File "/usr/lib/python2.7/dist-packages/pkg_resources/init.py", line 658, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python2.7/dist-packages/pkg_resources/init.py", line 1445, in run_script exec(script_code, namespace, namespace) File "/usr/local/lib/python2.7/dist-packages/snxvpn-0.0.0-py2.7.egg/EGG-INFO/scripts/snxconnect", line 5, in

File "build/bdist.linux-x86_64/egg/snxconnect.py", line 555, in main File "build/bdist.linux-x86_64/egg/snxconnect.py", line 184, in login File "build/bdist.linux-x86_64/egg/snxconnect.py", line 271, in open File "/usr/lib/python2.7/urllib2.py", line 429, in open response = self._open(req, data) File "/usr/lib/python2.7/urllib2.py", line 447, in _open '_open', req) File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain result = func(*args) File "/usr/lib/python2.7/urllib2.py", line 1241, in https_open context=self._context) File "/usr/lib/python2.7/urllib2.py", line 1198, in do_open raise URLError(err) urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)>

Any hit? Thank you in advance Vincenzo

[rudiservo]

I believe that this is a problem with selfsigned certificates, already tried adding in Ubuntu 18.03 and Debian 9 with ca-certificates, but it did not work

Also tried installing certifi and replacing certifi ca.crt file with the one in the system but it didnt work either.

This may only be solved by adding an option of a CA file to the urllib2, I do not know how to to this in a short notice in python, but someone who is used to the libraries can fix this in a couple of hours or less.

[ananttickoo]

i am faceing same issue . i think solution is to disable SSL checking SSL we set in ssl verify_mode = ssl.CERT_NONE of atleast have a flag which can do it.