- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSL error in python
Hello,
I am making API calls via python script in "Pycharm". Every call I make fails with
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.meraki.com', port=443): Max retries exceeded with url: /api/v1/organizations/xxxxx/networks (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))
I can get around this by adding a verify=false header but I want to fix it properly.
I think I fix this with the header verify=[path to raw CA Bundle]
is that correct? and if so, where do I get the cert bundle from?
Thanks!
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
figured it out, the correct syntax is verify="path/to/cert.crt"
I used the cisco cert which i downloaded from the cisco API dashboard
https://developer.cisco.com/meraki/api/#!getting-started/obtaining-your-meraki-api-key
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I used this command to show the certificate being used:
openssl s_client -connect api.meraki.com:443 2>/dev/null | openssl x509 -noout -text
It shows the issuer to be:
Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
So you would need to load in one of the Digicert root certificates:
https://www.digicert.com/kb/digicert-root-certificates.htm
More info:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
😞 Im still having trouble.
I installed a few of the certs into my cert store which didnt work, so I then put them in a folder and just added a header in the code to point to it (I tried verify= and cert=).
Still didnt work - Im not sure what to do next. I just get errors saying unable to get local issuer certificate (_ssl.c:992
I spoke to support for Pycharm and they said the correct method is specified by the API and not pycharm 😞
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
figured it out, the correct syntax is verify="path/to/cert.crt"
I used the cisco cert which i downloaded from the cisco API dashboard
https://developer.cisco.com/meraki/api/#!getting-started/obtaining-your-meraki-api-key
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am using Windows and getting the similar error to yours:
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.meraki.com', port=443): Max retries exceeded with url: /api/v1/organizations/xxxxx/networks (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))
Where in the API Dashboard did you get the Cert?
I can user Postman with no SSL issue but I need to use Python for other scripts. Can't get pass the SSL: error.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Adrian4 are you using a Apple M1/M2 Mac? Your python / pycharm environment could have an effect on SSL as well? Under normal circumstances you should not need to download Certificates for Meraki API
CCIE #60154
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
No, just plain windows.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI,
I have the same issue and i'm using a Apple M1.
here is the error message:
"2024-09-19 22:26:12 meraki.aio: WARNING > organizations, getOrganizationAdmins > https://api.meraki.com/api/v1/organizations/1128782/admins - Cannot connect to host api.meraki.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)')], retrying in 1 second"
Any idea?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The solution to this is above:
https://community.meraki.com/t5/Developers-APIs/SSL-error-in-python/m-p/186312/highlight/true#M7688
Note that if your company is using transparent TLS inspection (which I think it is, because you are getting a warning about a self signed certificate) then you will need to get that certificate from your comany instead.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Thank you for your reply. I managed to to fix it after my post.
On mac, when you install python, the is a exe named: "Install Certificates.command: in the /Application/Python 3.12/
After executing it, it fixed the issue.
No need to chaneg the meraki script.
cheers,
Mat