Let's Encrypt certificate, Python and Windows

I changed my web server from HTTP to HTTPS using "Let's Encrypt". The web server contains an API, and I have a Python application that uses the API.

On Linux, everything is fine, but on Windows I get the error below when I log in.

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) 

I thought the SSL certificate was not installed.

So, I downloaded "isrgrootx1.der" and "lets-encrypt-x1-cross-signed.der" and renamed both to end in ".cer".

Then I opened the Windows console and ran this:

    certutil -addstore "Root" "isrgrootx1.cer"
    certutil -addstore "Root" "lets-encrypt-x1-cross-signed.cer"

The second command did not complete because it is not a root certificate. My question is: in which group is lets-encrypt-x1-cross-signed.cer installed?

+8
python windows ssl-certificate lets-encrypt certutil
2 answers

You do not need to add "lets-encrypt-x1-cross-signed.cer" to your Windows machine, as it is only an intermediate certificate. And you also do not need to add "isrgrootx1.cer", as Let's Encrypt certificates chain to "DST Root X3", which is already included in Windows.

Most likely your web server is not configured to send an intermediate certificate. For example, if you use Certbot, you need to configure your web server using "fullchain.pem" and not "cert.pem".

0
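The difference between "cert.pem" and "fullchain.pem" mentioned in the answer above can be checked on the file the web server is configured with. This is an added example, not part of the original answers: it reports whether a PEM file holds only the leaf certificate or a leaf followed by its issuers, comparing issuer and subject names only (no signature or trust-store validation). The function names and the sample certificates are hypothetical; the samples are constructed DER stand-ins, not real certificates.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):  # read one DER TLV at pos -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER bytes of the issuer and subject Names of one certificate."""
    _, pos, _ = _tlv(der, 0)    # outer Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)  # tbsCertificate SEQUENCE
    fields = []                 # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:         # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_bundle(pem_text):
    """Classify the PEM file the web server is configured to send."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    if not names:
        return "no certificates"
    for (issuer, _), (_, next_subject) in zip(names, names[1:]):
        if issuer != next_subject:
            return "chain out of order"
    if len(names) == 1 and names[0][0] != names[0][1]:
        return "leaf only, intermediate missing"
    return "ok"

# Constructed sample input: minimal DER stand-ins, not real certificates.
def _seq(*parts):  # SEQUENCE with short-form length (content under 128 bytes)
    return bytes([0x30, sum(map(len, parts))]) + b"".join(parts)

def fake_pem(issuer, subject):
    name = lambda s: _seq(bytes([0x0C, len(s)]) + s.encode())
    tbs = _seq(b"\xa0\x03\x02\x01\x02", b"\x02\x01\x01", _seq(),
               name(issuer), _seq(), name(subject))
    b64 = base64.encodebytes(_seq(tbs)).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

CERT_PEM = fake_pem("Example Intermediate CA", "api.example.test")  # leaf only
FULLCHAIN_PEM = CERT_PEM + fake_pem("Example Root CA", "Example Intermediate CA")
```

To check a real deployment, pass the text of the certificate file named in the web server configuration to `check_bundle`.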

I ran into the same problem when using the python-requests library.

Here is what worked for me:

    import requests

    # verify=False being the key element here
    r = requests.post(url, verify=False)
    # this is to deal with the "dh key too small" error that you might face later
    requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += 'HIGH:!DH:!aNULL'

Hope this helps!

-1