Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL error in python

Solved
Adrian4
A model citizen
‎Feb 27 2023 6:58 AM
‎Feb 27 2023 6:58 AM

SSL error in python

Hello,

 

I am making API calls via python script in "Pycharm". Every call I make fails with 

 

requests.exceptions.SSLError: HTTPSConnectionPool(host='api.meraki.com', port=443): Max retries exceeded with url: /api/v1/organizations/xxxxx/networks (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

 

 

I can get around this by adding a verify=false header but I want to fix it properly.

I think I fix this with the header verify=[path to raw CA Bundle]  

is that correct? and if so, where do I get the cert bundle from?

Thanks!

0 Kudos
Subscribe
1 Accepted Solution
In response to Adrian4
Adrian4
A model citizen
‎Feb 28 2023 8:28 AM
‎Feb 28 2023 8:28 AM

figured it out, the correct syntax is verify="path/to/cert.crt"

I used the cisco cert which i downloaded from the cisco API dashboard
https://developer.cisco.com/meraki/api/#!getting-started/obtaining-your-meraki-api-key

View solution in original post

Subscribe
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 27 2023 11:45 AM
‎Feb 27 2023 11:45 AM

I used this command to show the certificate being used:

openssl s_client -connect api.meraki.com:443 2>/dev/null | openssl x509 -noout -text

It shows the issuer to be:

Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1

 

So you would need to load in one of the Digicert root certificates:

https://www.digicert.com/kb/digicert-root-certificates.htm 

 

More info:

PhilipDAth_0-1677527068026.png

 

PhilipDAth_1-1677527082925.png

 

 

PhilipDAth_2-1677527096962.png

 

Subscribe
In response to PhilipDAth
Adrian4
A model citizen
‎Feb 28 2023 12:36 AM
‎Feb 28 2023 12:36 AM

thanks!

0 Kudos
Subscribe
Adrian4
A model citizen
‎Feb 28 2023 12:55 AM
‎Feb 28 2023 12:55 AM

😞 Im still having trouble.

I installed a few of the certs into my cert store which didnt work, so I then put them in a folder and just added a header in the code to point to it (I tried verify=   and cert=).

Still didnt work - Im not sure what to do next. I just get errors saying unable to get local issuer certificate (_ssl.c:992 

I spoke to support for Pycharm and they said the correct method is specified by the API and not pycharm 😞

0 Kudos
Subscribe
In response to Adrian4
Adrian4
A model citizen
‎Feb 28 2023 8:28 AM
‎Feb 28 2023 8:28 AM

figured it out, the correct syntax is verify="path/to/cert.crt"

I used the cisco cert which i downloaded from the cisco API dashboard
https://developer.cisco.com/meraki/api/#!getting-started/obtaining-your-meraki-api-key

Subscribe
In response to Adrian4
sec1jrs
Here to help
‎Jun 21 2023 4:10 PM
‎Jun 21 2023 4:10 PM

I am using Windows and getting the similar error to yours:


requests.exceptions.SSLError: HTTPSConnectionPool(host='api.meraki.com', port=443): Max retries exceeded with url: /api/v1/organizations/xxxxx/networks (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

 

Where in the API Dashboard did you get the Cert?

 

I can user Postman with no SSL issue but I need to use Python for other scripts.  Can't get pass the SSL: error.

 

Thanks

 

0 Kudos
Subscribe
HolgerS
Meraki Employee
Meraki Employee
‎Mar 5 2023 11:46 PM
‎Mar 5 2023 11:46 PM

@Adrian4 are you using a Apple M1/M2 Mac? Your python / pycharm environment could have an effect on SSL as well? Under normal circumstances you should not need to download Certificates for Meraki API

Holger Struckmann
CCIE #60154
0 Kudos
Subscribe
In response to HolgerS
Adrian4
A model citizen
‎Mar 6 2023 12:30 AM
‎Mar 6 2023 12:30 AM

Hello,
No, just plain windows.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.