Python Requests - SSL error for client side cert

2020-05-27 03:02发布

问题:

I'm calling a REST API with requests in python and so far have been successful when I set verify=False.

Now, I have to use client side cert that I need to import for authentication and I'm getting this error everytime I'm using the cert (.pfx). cert.pfx is password protected.

r = requests.post(url, params=payload, headers=headers, 
                  data=payload, verify='cert.pfx')

This is the error I'm getting:

Traceback (most recent call last):
File "C:\Users\me\Desktop\test.py", line 65, in <module>
r = requests.post(url, params=payload, headers=headers, data=payload, verify=cafile)
File "C:\Python33\lib\site-packages\requests\api.py", line 88, in post
return request('post', url, data=data, **kwargs)
File "C:\Python33\lib\site-packages\requests\api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Python33\lib\site-packages\requests\sessions.py", line 346, in request
resp = self.send(prep, **send_kwargs)
File "C:\Python33\lib\site-packages\requests\sessions.py", line 449, in send
r = adapter.send(request, **kwargs)
File "C:\Python33\lib\site-packages\requests\adapters.py", line 322, in send
raise SSLError(e)
requests.exceptions.SSLError: unknown error (_ssl.c:2158)

I've also tried openssl to get .pem and key but with .pem and getting SSL: CERTIFICATE_VERIFY_FAILED

Can someone please direct me on how to import the certs and where to place it? I tried searching but still faced with the same issue.

回答1:

I had this same problem. The verify parameter seems to refer to the server's certificate. You want the cert parameter to specify your client certificate.

I had to use OpenSSL to convert to get a certificate PEM file and a key PEM file.

import requests
cert_file_path = "cert.pem"
key_file_path = "key.pem"

url = "https://example.com/resource"
params = {"param_1": "value_1", "param_2": "value_2"}
cert = (cert_file_path, key_file_path)
r = requests.get(url, params=params, cert=cert)

I still had problems with Requests not playing nicely with some SSL servers, but I think the verify / cert distinction might be your problem.