How to configure trusted CA certificates for SSL client?
Yang, Gang CTR (US)
gang.yang.ctr at mail.mil
Tue Feb 7 12:41:13 EST 2017
Hi,
I'm using Python 3.X (3.5 on Windows 2008 and 3.4 on CentOS 6.7) and encountered an SSL client side CA certificates issue. The issue came up when a third-party package (django-cas-ng) tried to verify the CAS service ticket (ST) by calling CAS server using requests.get(...) and failed with CERTIFICATE_VERIFY_FAILED error. The CAS server is accessed by HTTPS with a self-signed server certificate. Following some suggestions on the internet, I've tried to modify django-cas-ng's code to call requests.get(..) with verify parameter, such as requests.get(..., verify=False) and requests.get(..., verify="CAS server cert"). Both workarounds worked, but I can't change third-party package code. I also tried to add the CAS server cert to the underlying OS (Windows 2008 and CentOS 6.7), but it did not help.
My question is where does SSL client code get the trusted CA certificates from, from Python or the underlying OS? What configuration do I need in order for the SSL client to conduct the SSL handshake successfully?
Appreciate any help!
Gang
Gang Yang
Shonborn-Becker Systems Inc. (SBSI)
Contractor Engineering Supporting SEC
Office: 732-982-8561, x427
Cell: 732-788-7501<tel:732-740-4656>
Email: gang.yang.ctr at mail.mil<mailto:gang.yang.ctr at mail.mil>
More information about the Python-list
mailing list