bad certificate error
jakecjacobson
jakecjacobson at gmail.com
Tue Jul 28 06:35:55 EDT 2009
On Jul 28, 3:29 am, Nick Craig-Wood <n... at craig-wood.com> wrote:
> jakecjacobson <jakecjacob... at gmail.com> wrote:
> > I am getting the following error when doing a post to REST API,
>
> > Enter PEM pass phrase:
> > Traceback (most recent call last):
> >   File "./ices_catalog_feeder.py", line 193, in ?
> >     main(sys.argv[1])
> >   File "./ices_catalog_feeder.py", line 60, in main
> >     post2Catalog(catalog_host, catalog_port, catalog_path, os.path.join(input_dir, file), collection_name, key_file, cert_file)
> >   File "./ices_catalog_feeder.py", line 125, in post2Catalog
> >     connection.request('POST', path, parameters, head)
> >   File "/usr/lib/python2.4/httplib.py", line 810, in request
> >     self._send_request(method, url, body, headers)
> >   File "/usr/lib/python2.4/httplib.py", line 833, in _send_request
> >     self.endheaders()
> >   File "/usr/lib/python2.4/httplib.py", line 804, in endheaders
> >     self._send_output()
> >   File "/usr/lib/python2.4/httplib.py", line 685, in _send_output
> >     self.send(msg)
> >   File "/usr/lib/python2.4/httplib.py", line 652, in send
> >     self.connect()
> >   File "/usr/lib/python2.4/httplib.py", line 1079, in connect
> >     ssl = socket.ssl(sock, self.key_file, self.cert_file)
> >   File "/usr/lib/python2.4/socket.py", line 74, in ssl
> >     return _realssl(sock, keyfile, certfile)
> > socket.sslerror: (1, 'error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate')
>
> > My code where this error occurs is:
>
> > head = {"Content-Type" : "application/x-www-form-urlencoded",
> >         "Accept" : "text/plain"}
> > parameters = urlencode({"collection" : collection, "entryxml" : open(file,'r').read()})
> > print "Sending the file to: " + host
>
> > try:
> >     try:
> >         # Default port is 443.
> >         # key_file is the name of a PEM formatted file that contains your private key.
> >         # cert_file is a PEM formatted certificate chain file.
> >         connection = httplib.HTTPSConnection(host, int(port), key_file, cert_file)
> >         connection.request('POST', path, parameters, head)
> >         response = connection.getresponse()
> >         print response.status, response.reason
> >     except httplib.error, (value,message):
> >         print value + ':' + message
> > finally:
> >     connection.close()
>
> > I was wondering if this is due to the server having an invalid server
> > cert?
>
> I'd say judging from the traceback you messed up key_file or cert_file
> somehow.
>
> Try using the openssl binary on them (read the man page to see how!)
> to check them out.
>
> > If I go to this server in my browser, I get a "This server tried to
> > identify itself with invalid information". Is there a way to
> > ignore this issue with Python? Can I set up a trust store and add
> > this server to the trust store?
>
> Invalid how? Self signed certificate? Domain mismatch? Expired certificate?
>
> --
> Nick Craig-Wood <n... at craig-wood.com> --http://www.craig-wood.com/nick

Nick,

Thanks for the help on this. I will check my steps on openssl again
and see if I messed up. What I tried to do was:

1. Save my PKI cert to disk. It was saved as a P12 file
2. Use openssl to convert it to the needed .pem file type
3. Saved the CA that my cert was signed by as a .crt file

These are the 2 files that I was using for key_file and
* cert_file -> CA
* key_file -> my PKI cert converted to a .pem file

"Invalid how? Self signed certificate? Domain mismatch? Expired
certificate?" It is a server name mismatch.

For everyone that wants to discuss why we shouldn't do this, great but
I can't change the fact that I need to do this. I can't use http or
even get a correct cert at this time. This is a quick and dirty project
to demonstrate capability. I need something more than slide show
briefs.
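
Added example, not part of the original post or of anyone's code in this thread: a label-level check that a key_file / cert_file pair matches the roles described in the code comments above (private key in key_file, client certificate chain in cert_file). It assumes the P12 was converted to a single PEM holding both the client certificate and the key (the post does not show the openssl command); the function names and sample blocks are constructed for illustration.

```python
import re

# RFC 7468 textual encoding: -----BEGIN <label>----- body -----END <label>-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, whitespace-stripped body) for every PEM block, in file order."""
    return [(m.group(1), "".join(m.group(2).split())) for m in PEM_BLOCK.finditer(text)]

def check_client_files(key_text, cert_text):
    """List problems with a key_file / cert_file pair meant for TLS client auth."""
    problems = []
    key_blocks, cert_blocks = pem_blocks(key_text), pem_blocks(cert_text)
    if not any(label.endswith("PRIVATE KEY") for label, _ in key_blocks):
        problems.append("key_file has no private key block")
    if not cert_blocks or cert_blocks[0][0] != "CERTIFICATE":
        problems.append("cert_file does not start with a CERTIFICATE block")
        return problems
    # Heuristic (assumption): a PKCS#12 export converted to PEM usually carries
    # the client certificate next to the key. If cert_file's first certificate
    # is not one of those, cert_file probably holds another cert (e.g. the CA).
    exported = [body for label, body in key_blocks if label == "CERTIFICATE"]
    if exported and cert_blocks[0][1] not in exported:
        problems.append("cert_file's first certificate was not exported with the key")
    return problems

def _pem(label, body):
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

# Constructed placeholders, not real key material: only the labels and
# block equality matter to the checks above.
CLIENT_CERT = _pem("CERTIFICATE", "Q0xJRU5ULUNFUlQ=")
CA_CERT = _pem("CERTIFICATE", "Q0EtQ0VSVA==")
CLIENT_KEY = _pem("ENCRYPTED PRIVATE KEY", "Q0xJRU5ULUtFWQ==")
CONVERTED_P12 = "Bag Attributes\n" + CLIENT_CERT + "Bag Attributes\n" + CLIENT_KEY

if __name__ == "__main__":
    # Layout described in the post: cert_file -> CA, key_file -> converted P12
    print(check_client_files(CONVERTED_P12, CA_CERT))
    # Client certificate first, then the CA that signed it
    print(check_client_files(CONVERTED_P12, CLIENT_CERT + CA_CERT))
```

The check compares PEM labels and block contents only; it does not parse the certificates or verify that the key matches the certificate.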