1. 首頁
  2. 問答
  3. CERTIFICATE_ERRIFY_FAILED當使用urllib連接到almerys.com

CERTIFICATE_ERRIFY_FAILED當使用urllib連接到almerys.com

2017-07-25 257 views
0

我想連接到一個服務器,有一個標記,當我試圖檢查連接時,我得到了上述錯誤。有沒有人知道我爲什麼得到這個或如何建立這種安全服務器的連接?CERTIFICATE_ERRIFY_FAILED當使用urllib連接到almerys.com

這裏是我的代碼:

import requests 
import json 
import urllib.request 
import os 

req0 = "http://127.0.0.1:8000/" 
reqvar = "https://santeintegration.almerys.com/vfcapi/" 

#data = {"ip":"1.1.2.3"} 
headers = {"Authorization":"Bearer {eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJtYWMtbGxveWQiLCJhdWQiOiJodHRwczovL3NhbnRlaW50ZWdyYXRpb24uYWxtZXJ5cy5jb20vdmZjYXBpLyIsIm5iZiI6MTUwMTAwNDYyMCwiZXhwIjoxNTAxMDI2MjE3LCJzdWIiOiJnYXlhIiwiYWRtaW4iOnRydWV9.KG3duwUqGusyWOC9BNezFoQVEPzkWkpZHfrBs94sKkV86Tyys_QiP5WzBG53cQMbhsHEYMZPtvNHv6zcaD9e9hxt0iBywfN7mdp9wmB60zPDdD88tPWpvUxGkescRWHEnLd-uDpWynPeCa3Wm1Htr-Cz_d3NPm2bdhqJKguYRa_ZUc3f-xvLVKOc4sCv0kD9-qwR-e9cGXCtrkCcZQ4Hr13RUnDc4Z6__A13xMAujh4wwEcI57FSrhUmtnjB83T2RdaieSfuwMjxNJRXyEhBWgAWp5YzWaDcjMAvqQLTy34p5ejtcAdb9IdfDtAaI2SqKU_dcVzNtm3Wm9OwS50bJw}"} 

request = urllib.request.Request(reqvar,headers)#, headers=req_headers) 
opener = urllib.request.build_opener() 
response2 = opener.open(request) 

html=response2.read() 
json_obj = json.loads(html) 
token_string = json_obj["token"].encode("ascii","ignore") 
print(token_string)

及以下錯誤:

Traceback (most recent call last): 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 1318, in do_open 
    encode_chunked=req.has_header('Transfer-encoding')) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1239, in request 
    self._send_request(method, url, body, headers, encode_chunked) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1285, in _send_request 
    self.endheaders(body, encode_chunked=encode_chunked) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1234, in endheaders 
    self._send_output(message_body, encode_chunked=encode_chunked) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1026, in _send_output 
    self.send(msg) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 964, in send 
    self.connect() 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1400, in connect 
    server_hostname=server_hostname) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 401, in wrap_socket 
    _context=self, _session=session) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 808, in __init__ 
    self.do_handshake() 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1061, in do_handshake 
    self._sslobj.do_handshake() 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 683, in do_handshake 
    self._sslobj.do_handshake() 
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748) 

During handling of the above exception, another exception occurred: 

Traceback (most recent call last): 
    File "request.py", line 15, in <module> 
    response2 = opener.open(request) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 526, in open 
    response = self._open(req, data) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 544, in _open 
    '_open', req) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 504, in _call_chain 
    result = func(*args) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 1361, in https_open 
    context=self._context, check_hostname=self._check_hostname) 
    File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py", line 1320, in do_open 
    raise URLError(err) 
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748)>

來源

2017-07-25 BELLOUL GAYA

+1

上https://santeintegration.almerys.com/ SSL證書配置不正確的Firefox說: 該證書不被信任,因爲發行者證書是未知的。服務器可能不會發送適當的中間證書。可能需要導入額外的根證書。在https://stackoverflow.com/questions/19268548/python-ignore-certicate-validation-urllib2 –

+0

+1中查看EnnoGröper的回答(不是接受的答案),用於提供用於連接到服務器的URL。我們實際上可以與您一起排除故障,並幫助提供修復程序。 – jww

回答

0

是否有任何人知道是爲什麼我得到這個或如何對這種安全服務器的連接?

您需要爲ALMERYS SAS Orange集團添加CA根到您的證書信任庫。 ALMERYS SAS ORANGE GROUP是服務器證書的頒發者。

快速谷歌沒有透露在哪裏下載它。你將不得不找到它。但是,證書AIA有:

Authority Information Access: 
    CA Issuers - URI:http://testpki.almerys.com/trustca.cer

所以:

$ wget http://testpki.almerys.com/trustca.cer 
... 
Saving to: ‘trustca.cer’ 
trustca.cer   100%[===================>] 1.62K --.-KB/s in 0s

然後,學習的格式(ASN.1/DER或PEM)。它的二進制數據,所以它的ASN.1/DER編碼。

$ file trustca.cer 
trustca.cer: data

Convert to PEM

$ openssl x509 -inform DER -outform PEM -in trustca.cer -out trustca.pem 
$ cat trustca.pem 
-----BEGIN CERTIFICATE----- 
MIIGdDCCBFygAwIBAgICJzAwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCRlIx 
... 
UFORwJIYc73ahrOFaymciYWwZcjEkoFPwKPAzVFemn2d0Jmmkf9nZwFFVXVUlWUy 
n6VhJFs4KROshsQl5RKgi1qli+5DfYdS 
-----END CERTIFICATE-----

現在,使用trustca.pem作爲urllib的CA根或將其添加到您的信任存儲區。另請參見問題,如Add SSL CA File Using urllib2Urllib and validation of server certificate

req0 = "http://127.0.0.1:8000/" 
reqvar = "https://santeintegration.almerys.com/vfcapi/"

還要注意的是127.0.0.1:8000santeintegration.almerys.com是不同的來源。 Almerys.com的證書不會驗證127.0.0.1

對於127.0.0.1您需要包含IP地址的本地主機上的證書。爲此,請參閱How to create a self-signed certificate with openssl?該證書還需要添加到信任庫中。

$ openssl s_client -connect santeintegration.almerys.com:443 -tls1 -servername santeintegration.almerys.com | openssl x509 -text -noout 
depth=1 C = FR, O = ALMERYS SAS ORANGE GROUP, OU = 0002 432701639, OU = TRUSTED SERVICES, CN = TEST ALMERYS TRUST CA 
verify error:num=20:unable to get local issuer certificate 
Certificate: 
    Data: 
     Version: 3 (0x2) 
     Serial Number: 22501 (0x57e5) 
    Signature Algorithm: sha256WithRSAEncryption 
     Issuer: C=FR, O=ALMERYS SAS ORANGE GROUP, OU=0002 432701639, OU=TRUSTED SERVICES, CN=TEST ALMERYS TRUST CA 
     Validity 
      Not Before: Feb 29 07:50:04 2016 GMT 
      Not After : Feb 28 07:50:04 2018 GMT 
     Subject: C=FR, O=ALMERYS, CN=santeintegration.almerys.com 
     Subject Public Key Info: 
      Public Key Algorithm: rsaEncryption 
       Public-Key: (2048 bit) 
       Modulus: 
        00:a0:5e:c5:0d:f8:4d:52:80:dc:a6:e1:e1:42:c8: 
        db:30:ed:11:52:3f:80:e0:73:54:43:81:e3:e4:3b: 
        7a:f4:b7:cf:a7:2b:d8:22:42:90:1a:b2:6c:6a:9b: 
        b3:7d:49:ce:fc:e5:0e:d1:4a:4d:33:9a:cc:1f:7d: 
        d0:47:18:28:cc:6d:9f:78:b1:f4:71:2b:73:a5:11: 
        4a:25:f2:42:c3:66:2a:95:e2:7c:65:1d:f1:46:65: 
        68:e0:f1:c1:91:92:27:0d:ac:32:17:b5:67:63:41: 
        0e:4b:8c:00:0e:cd:b8:94:55:91:5c:04:4b:16:03: 
        ef:dc:05:81:4d:cd:91:d5:3a:ae:20:b4:1f:fe:9f: 
        04:21:c9:04:e2:09:e5:df:58:35:f2:c5:7f:34:34: 
        c1:71:27:02:24:ed:c2:d8:90:c1:19:35:7f:69:59: 
        11:61:da:05:c2:77:dd:5a:d7:e7:22:37:96:6d:bd: 
        0e:97:2e:f3:34:22:66:e1:27:57:4e:33:23:43:f8: 
        2a:a5:a2:f6:6d:ca:37:14:cd:aa:b2:e1:9e:cb:73: 
        ee:09:17:19:1e:66:33:4f:c7:f2:a1:16:e9:9a:33: 
        26:5f:f2:45:48:eb:04:b1:b8:5f:36:58:a2:97:b6: 
        98:8d:17:58:44:f9:92:94:66:64:7f:29:95:93:18: 
        d9:37 
       Exponent: 65537 (0x10001) 
     X509v3 extensions: 
      X509v3 Extended Key Usage: 
       TLS Web Server Authentication 
      X509v3 Subject Key Identifier: 
       41:EE:B2:B4:42:25:EC:6B 
      X509v3 Authority Key Identifier: 
       keyid:1F:CE:44:5C:5B:7F:A5:83:23:F7:74:0B:CD:58:C5:7C:BA:C2:F3:2C 

      Authority Information Access: 
       CA Issuers - URI:http://testpki.almerys.com/trustca.cer 

      X509v3 Key Usage: 
       Digital Signature, Key Encipherment, Data Encipherment 
      X509v3 CRL Distribution Points: 

       Full Name: 
        URI:http://testpki.almerys.com/trustca.crl 

    Signature Algorithm: sha256WithRSAEncryption 
     62:59:12:7c:90:55:2c:37:cd:20:b4:be:f0:fa:ef:eb:ad:b0: 
     17:56:37:48:0e:a1:c4:00:a6:07:58:d1:7f:85:b1:42:f2:7a: 
     a3:cd:9f:42:a8:99:5a:26:5b:6c:01:d5:8d:a6:f1:73:22:34: 
     2a:bb:88:91:c9:50:a9:4a:be:66:ea:7b:c2:6d:36:21:6d:fc: 
     83:d1:0a:14:b4:62:c8:9c:a2:02:2a:3e:3d:ff:75:a0:a5:f4: 
     2c:69:93:97:06:05:72:ad:12:1e:c8:62:f9:18:b5:fb:f8:82: 
     61:a5:a9:5b:bb:1d:28:35:cf:cb:d8:d0:4c:7d:09:db:1b:ec: 
     bd:1b:3b:c1:06:df:3f:44:07:38:ac:f7:79:d7:68:35:c4:94: 
     da:74:19:97:94:f8:05:bc:e6:bf:8c:c4:49:87:21:96:5d:f2: 
     13:ea:e9:17:ec:ed:2d:a8:cd:ee:fe:68:e9:42:4f:64:a6:49: 
     f0:01:87:05:fa:a6:61:12:e3:f7:73:74:24:b2:70:a6:34:cd: 
     34:6d:0b:45:a1:40:8d:3f:9d:02:b7:df:1c:96:de:3a:bb:72: 
     35:6e:7b:bb:bb:61:8a:77:ce:63:b7:5e:cb:54:11:72:8d:1f: 
     8d:fe:34:de:ba:cc:86:1e:06:30:3c:ae:5b:16:91:22:64:dc: 
     6d:14:55:95:bb:74:62:a9:78:94:4d:b0:e0:1f:f6:b3:24:9c: 
     94:0e:da:2d:9e:d1:9d:7c:c2:0a:70:e0:74:f5:b3:de:4c:d0: 
     fa:79:01:b1:fb:fb:5f:b8:21:37:50:63:12:c7:c6:f4:33:90: 
     a2:80:0d:6c:af:be:6c:bd:3e:8c:aa:14:6c:13:67:a5:57:44: 
     13:9a:75:52:9e:53:03:0f:bb:09:e1:f4:e9:ae:1e:e0:d2:4c: 
     23:fa:9c:2a:b1:75:66:96:08:a7:19:59:c3:95:3a:c6:9d:21: 
     68:5e:0e:f1:d5:34:b5:08:e3:03:a0:8f:47:9e:32:dc:e8:df: 
     8b:32:b4:a0:d8:d5:60:ac:33:2f:b6:81:13:50:fa:1b:88:d8: 
     3c:33:76:c2:8a:bf:d2:60:3a:e1:8e:e3:4a:ac:26:72:c7:12: 
     7e:24:09:19:f3:6c:80:3b:15:e4:0a:a6:c5:a2:2e:70:ef:f5: 
     43:12:ca:23:2c:b9:da:8e:c7:37:52:41:86:b9:c2:1a:e9:6f: 
     a8:1c:0e:2b:b0:80:f9:d8:dd:80:e9:12:a4:cf:75:3b:ca:2b: 
     45:0e:29:f0:6e:c5:77:4b:d4:41:d9:c9:7b:b2:2c:3e:ff:29: 
     de:15:e1:26:5d:03:88:14:fd:3f:24:fc:4d:c2:d5:13:38:24: 
     f1:07:06:af:d9:30:c4:e0

來源

2017-07-27 00:04:18 jww

相關問題

 相關問題