All geek questions in one place

SSL3 Certificate Verification Failed When Connecting to JIRA API Using Python

I am currently encountering an error when trying to connect to JIRA using Python2.7 and the JIRA REST API ( http://jira-python.readthedocs.org/en/latest/ ).

When I do the following:

from jira.client import JIRA options = { 'server': 'https://jira.companyname.com' } jira = JIRA(options)

I get the following error message in the console:

 requests.exceptions.SSLError: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Is there something I may have missed or am doing wrong?

Thanks!

+8
source share
3 answers

I know that I was late for this answer, but I hope this helps someone in the future.

Why you should not turn off verification

Although disabling certificate verification is the easiest "solution", it is not recommended. Essentially, it says: β€œI don’t care if I trust you or not, I’ll send you all my information anyway.” This opens you up for the Man in the Middle attack.

If you connect to your company's Jira server and it has a certificate for TLS / SSL, you should check this. I would ask your IT department where this certificate is. This is possible in some kind of root certificate for your company.

If you connect to the server in Chrome (for example), it should show a lock in the left corner of the address bar if it is protected via TLS / SSL.

You can Right-Click that lock β†’ Details β†’ View Certificate in Chrome.

OK, so what should I do?

Provide the required certificate for the verify option directly.

jira-python uses Requests for HTTP- jira-python (see documentation) . And in accordance with the Requests documentation, you can specify the path to the certificate file in verify .

Thus, you can provide your company's root certificate for verify as follows:

 jira_options = { 'server': jira_server_name, 'verify': 'path/to/company/root/certificate', }

If you are using a Windows computer (a safe guess?), This root certificate is stored in the registry, and the best way to get it is to use wincertstore .

+6
source

I ran into a similar SSL certificate validation error and looked at the JIRA method definitions, which allows disabling validation.

  :param options: Specify the server and properties this client will use. Use a dict with any of the following properties: * server -- the server address and context path to use. Defaults to ``http://localhost:2990/jira``. * rest_path -- the root REST path to use. Defaults to ``api``, where the JIRA REST resources live. * rest_api_version -- the version of the REST resources under rest_path to use. Defaults to ``2``. * verify -- Verify SSL certs. Defaults to ``True``. * resilient -- If it should just retry recoverable errors. Defaults to `False`.

Try the following:

 from jira.client import JIRA options = {'server': 'https://jira.companyname.com','verify':False} jira = JIRA(options)
+11
source

On a Windows system, please do the following: -

  1. Go to the site using Google Chrome, then click the lock button.
  2. Now click on the certificate , a new window will appear.
  3. Then click on the certification path , select the first option from the list that will be root, then select View Certificate , another window will appear.
  4. Go to the " Details " tab, click " Copy to file . " Then click " Next" , select the " Encoded Base-64 x509. (CER) " switch, click "Next" and save the .cer file locally.

Once the .cer file is received, add it to the Python script as follows:

 jira_options = { 'server': jira_server_name, 'verify': 'path/to/company/root/certificate.cer' }

This should work without any security warnings.

0
source

Source: https://habr.com/ru/post/970105/

More articles:


All Articles