问题
I want to program webservices to exchange data in Python using Zeep. I can access services only with my certificate. I have a PFX certificate, but I converted it to two .pem files.
My code:
from zeep import Client
from zeep.wsse.signature import Signature
import requests
from requests import Session
key_filename ='/.files/cert.key.pem'
cert_filename = './files/cert.crt.pem'
session = Session()
r = requests.get('https:...../PingWs?wsdl',
cert=(cert_filename, key_filename))
print (r)
But I get
raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='evidim-test.gov.si', port=443): Max retries exceeded with url: /ws/test/PingWs?wsdl (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
回答1:
Its an issue you will have to resolve by whitelisting the CA certificate used to sign the remote server certificate you are trying to connect to from your system settings. But for the purposes of testing out only, you can turn off the verification using:
r = requests.get('https:...../PingWs?wsdl',verify=False)
Don't use this in production.
Hope it helps!
回答2:
This error almost certainly means that the remote endpoint is not signed with a certificate in your local certificate authority store. You have two options:
Install the certificate in the CA store that requests uses. By default this is your local system CA store, at least as well as it can be determined by requests.
Configure a different set of certificates to be used on a requests session object.
As an example:
import requests.sessions
photon_requests_session = requests.sessions.Session()
photon_requests_session.verify = "/etc/photon/cacerts.pem"
Then I need to make sure that the server CA certificate is in /etc/photon/cacerts.pem. I use this like:
r = photon_requests_session.get(url)
来源:https://stackoverflow.com/questions/47208466/sslerrorbad-handshake-when-trying-to-access-resources-custom-certificates-an