Meraki

Community

SSL error in python

Solved
Adrian4
Head in the Cloud
‎Feb 27 2023 6:58 AM
‎Feb 27 2023 6:58 AM

SSL error in python

Hello,

 

I am making API calls via python script in "Pycharm". Every call I make fails with 

 

requests.exceptions.SSLError: HTTPSConnectionPool(host='api.meraki.com', port=443): Max retries exceeded with url: /api/v1/organizations/xxxxx/networks (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

 

 

I can get around this by adding a verify=false header but I want to fix it properly.

I think I fix this with the header verify=[path to raw CA Bundle]  

is that correct? and if so, where do I get the cert bundle from?

Thanks!

0 Kudos
1 Accepted Solution
In response to Adrian4
Adrian4
Head in the Cloud
‎Feb 28 2023 8:28 AM
‎Feb 28 2023 8:28 AM

figured it out, the correct syntax is verify="path/to/cert.crt"

I used the cisco cert which i downloaded from the cisco API dashboard
https://developer.cisco.com/meraki/api/#!getting-started/obtaining-your-meraki-api-key

View solution in original post

10 Replies 10
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 27 2023 11:45 AM
‎Feb 27 2023 11:45 AM

I used this command to show the certificate being used:

openssl s_client -connect api.meraki.com:443 2>/dev/null | openssl x509 -noout -text

It shows the issuer to be:

Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1

 

So you would need to load in one of the Digicert root certificates:

https://www.digicert.com/kb/digicert-root-certificates.htm 

 

More info:

PhilipDAth_0-1677527068026.png

 

PhilipDAth_1-1677527082925.png

 

 

PhilipDAth_2-1677527096962.png

 

In response to PhilipDAth
Adrian4
Head in the Cloud
‎Feb 28 2023 12:36 AM
‎Feb 28 2023 12:36 AM

thanks!

0 Kudos
Adrian4
Head in the Cloud
‎Feb 28 2023 12:55 AM
‎Feb 28 2023 12:55 AM

😞 Im still having trouble.

I installed a few of the certs into my cert store which didnt work, so I then put them in a folder and just added a header in the code to point to it (I tried verify=   and cert=).

Still didnt work - Im not sure what to do next. I just get errors saying unable to get local issuer certificate (_ssl.c:992 

I spoke to support for Pycharm and they said the correct method is specified by the API and not pycharm 😞

0 Kudos
In response to Adrian4
Adrian4
Head in the Cloud
‎Feb 28 2023 8:28 AM
‎Feb 28 2023 8:28 AM

figured it out, the correct syntax is verify="path/to/cert.crt"

I used the cisco cert which i downloaded from the cisco API dashboard
https://developer.cisco.com/meraki/api/#!getting-started/obtaining-your-meraki-api-key

In response to Adrian4
sec1jrs
Here to help
‎Jun 21 2023 4:10 PM
‎Jun 21 2023 4:10 PM

I am using Windows and getting the similar error to yours:


requests.exceptions.SSLError: HTTPSConnectionPool(host='api.meraki.com', port=443): Max retries exceeded with url: /api/v1/organizations/xxxxx/networks (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

 

Where in the API Dashboard did you get the Cert?

 

I can user Postman with no SSL issue but I need to use Python for other scripts.  Can't get pass the SSL: error.

 

Thanks

 

0 Kudos
HolgerS
Meraki Employee
Meraki Employee
‎Mar 5 2023 11:46 PM
‎Mar 5 2023 11:46 PM

@Adrian4 are you using a Apple M1/M2 Mac? Your python / pycharm environment could have an effect on SSL as well? Under normal circumstances you should not need to download Certificates for Meraki API

Holger Struckmann
CCIE #60154
0 Kudos
In response to HolgerS
Adrian4
Head in the Cloud
‎Mar 6 2023 12:30 AM
‎Mar 6 2023 12:30 AM

Hello,
No, just plain windows.

0 Kudos
In response to HolgerS
Matq
Conversationalist
‎Sep 19 2024 7:37 AM
‎Sep 19 2024 7:37 AM

HI,

I have the same issue and i'm using a Apple M1.

here is the error message:

"2024-09-19 22:26:12   meraki.aio:  WARNING > organizations, getOrganizationAdmins > https://api.meraki.com/api/v1/organizations/1128782/admins - Cannot connect to host api.meraki.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)')], retrying in 1 second"

 

Any idea?

0 Kudos
In response to Matq
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 19 2024 1:08 PM
‎Sep 19 2024 1:08 PM

The solution to this is above:
https://community.meraki.com/t5/Developers-APIs/SSL-error-in-python/m-p/186312/highlight/true#M7688

 

Note that if your company is using transparent TLS inspection (which I think it is, because you are getting a warning about a self signed certificate) then you will need to get that certificate from your comany instead.

0 Kudos
In response to PhilipDAth
Matq
Conversationalist
‎Sep 19 2024 3:33 PM
‎Sep 19 2024 3:33 PM

Hi

Thank you for your reply. I managed to to fix it after my post.

On mac, when you install python, the is a exe named: "Install Certificates.command: in the /Application/Python 3.12/

After executing it, it fixed the issue.

No need to chaneg the meraki script.

cheers,

Mat

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.