问题
I'm using Windows 10 OS.
I want to count the number of IP Address of AWS.
I use python 2.7.14 and boto 2.6.0
I add a file which name is boto.config locate C:\Users\Administrator folder
The content of the boto.config is:
[Credentials]
aws_access_key_id=******
aws_secret_access_key=*****
The script is :
#!/usr/bin/env python
# -*- encoding: utf8 -*-
import boto.ec2
from pprint import pprint
import ssh
import requests
import urllib3
import certifi
import ssl
conn = boto.ec2.connect_to_region('cn-north-1')
reservations = conn.get_all_instances()
InstanceMap=[]
for reservation in reservations:
for instance in reservation.instances:
if 'env' in instance.tags and instance.tags['env'] == 'test':
InstanceMap.append(instance.ip_address)
f = open('F:\ip.txt','w')
pprint(InstanceMap, f)
When I run this script, it show the error formation:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
What's the method can I solve this problem ?
回答1:
I was having same issue with boto3 and Python 3.7 on Windows 10 machine. As it turned out, since I was using corporate device with Proxy installed, *.amazonaws.com certificate was getting replaced by the Proxy certificate. This Proxy certificate chain needed to be trusted by Python certifi module. Whether or not, you have a proxy, below method should resolve SSL: CERTIFICATE_VERIFY_FAILED error.
Here is what I did, to resolve the issue -
- Find the path where cacert.pem is located -
Install certifi, if you don't have. Command:
pip install certifi
import certifi
certifi.where()
C:\\Users\\[UserID]\\AppData\\Local\\Programs\\Python\\Python37-32\\lib\\site-packages\\certifi\\cacert.pem
Set
AWS_CA_BUNDLEenvironment variable to thecacert.pempath -AWS_CA_BUNDLE=C:\Users\[UserID]\AppData\Local\Programs\Python\Python37-32\Lib\site-packages\certifi\cacert.pemDownload the chain of certificates from amazonaws.com URL. For example: Go to https://sts.amazonaws.com/xyz on a browser and export Root, all the intermediate certificates, domain cert and save as base64 encoded .cer file. Open the certificates in notepad, copy all the contents.
Now open the cacert.pem in a notepad and just add every downloaded certificate contents (
---Begin Certificate--- *** ---End Certificate---) at the end.
Restart the command line prompt or PowerShell, SSL verification error should be resolved.
Do not use
is_secure = Falsein your organization's envrionments. This is essentially disabling SSL verification.
回答2:
Try adding is_secure = False like below, in order to skip ssl verification,
conn = boto.ec2.connect_to_region('cn-north-1',is_secure=False)
Try providing the credentials as so, that way you would know if the keys in boto config are old if this works, and if this returns the same issue then you need to check your api-key and secret on aws.
API_KEY = 'Actual API_KEY'
API_SECRET = 'Actual Secret'
conn = boto.ec2.connect_to_region('us-east-2',aws_access_key_id=API_KEY,aws_secret_access_key=API_SECRET,is_secure=False)
来源:https://stackoverflow.com/questions/49081752/when-i-use-python-boto-connect-to-aws-ec2-it-show-sslerror-ssl-certificate