I am running a windows service using python 2.7.9. As part of this, I am trying to connect to the server using HTTPS. I am using the query model (2.7.0) for this. I also use the wincertstore (0.2) model to read the Windows certificate store and use it as a CA. the server certificate is placed using an intermediate certificate in the following order -
Root is the Daddy Folder Tuple Certification Guide - G2
Intermediate is the "Go Daddy Secure Certificate Authority - G2"
Server Certificate "* .demoserver.com"
My problem is that the certificate validation fails: SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] the certificate was verified (_ssl.c: 581).
Here is the code I'm using:
import requests
import wincertstore
ca = wincertstore.CertFile()
ca.addcerts('ROOT')
ca.addcerts('CA')
requests.get('https://server.demoserver.com', verify=ca.name)
If I open it in Chrome \ Firefox \ IE, the check will succeed. I noticed the following behavior:
In the new OS, if I first open the server using a browser, an intermediate certificate ("Go Daddy Secure Certificate Authority - G2") will be added to the Windows certificate store under this user in the Intermediate Certification Authority section, If then I ran the code above from the python console Verification will work, since the certificate has been added to the Windows store. However, since my code runs as a service, which means using the SYSTEM user and local storage, the certificate will not be there, and verification will not be performed.
, ? python, , , , ( ), , .
certifi CA,