Fixing “SSL: CERTIFICATE_VERIFY_FAILED” Error in Python


Four methods to resolve the SSL certificate_verify_failed error in Python

If you are a Python developer, you have probably encountered the certificate_verify_failed error while making HTTPS requests in Python. Although the fix is relatively straightforward, many people still do not know how to resolve it. To help those who are grappling with this error, we will explore the SSL certificate_verify_failed error in Python, the possible reasons behind it, and a couple of quick steps to fix them.

What is the CERTIFICATE_VERIFY_FAILED error in Python?

The CERTIFICATE_VERIFY_FAILED error is a standard SSL error that Python users commonly face. The error occurs when making HTTPS requests using the requests module in Python.

When the client confirms that the server's SSL certificate is valid and authentic, it establishes the connection. But if the client cannot confirm the server's authenticity through its SSL certificate, it raises the certificate_verify_failed error.

Why do the Python requests ssl certificate_verify_failed errors occur?

Many causes can lie behind the Python requests ssl certificate_verify_failed error. Here are three of the most likely:

Expired or Invalid SSL Certificate

An SSL certificate is issued for a particular period and must be renewed occasionally. If the SSL certificate has expired or is invalid, the client cannot verify it, resulting in the ssl certificate_verify_failed Python error. (The client also checks the Certificate Revocation list, and if it finds the certificate in that list, it stops communication.)

The issue with the SSL certificate chain

An SSL certificate chain is a hierarchy of trust consisting of a Root certificate, Intermediate certificates, and a leaf certificate. There can be more than one intermediate certificate linking the leaf certificate to the Root certificate, which protects the Root certificate and establishes the chain of trust. The chain confirms the genuineness of the SSL certificate submitted by the server. If the SSL certificate chain is broken or incomplete, the client cannot verify the SSL certificate, resulting in the certificate_verify_failed error (for example, when the chain has the leaf and intermediate certificates but the Root certificate is missing).

Obsolete Python default certificates

Obsolete default certificates are another cause of the SSL certificate_verify_failed Python error. The default certificates that come with the Python installation may not be updated with the latest Root certificates, so the client may fail to verify the SSL certificate presented by the server.

How to resolve the certificate_verify_failed error?

You can resolve the certificate_verify_failed error by:

Creating an SSL context without certificate verification

Let me forewarn you that using an SSL context without certificate verification can leave your connection vulnerable to attacks such as man-in-the-middle. If you still want to proceed after this warning, you can create an SSL context without certificate verification using the _create_unverified_context() function from the Python ssl module.

To accomplish this, use the command given below:

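import ssl
import urllib.request
req = urllib.request.Request("https://example.com")  # placeholder URL; substitute your own request
context = ssl._create_unverified_context()  # no chain or hostname verification
urllib.request.urlopen(req, context=context)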

Creating an SSL context without HTTPS certificate verification

The server’s SSL certificate is verified by default when making an HTTPS request in Python. To change this, we can make the default HTTPS context skip certificate verification by assigning _create_unverified_context to _create_default_https_context in the Python ssl module.

To accomplish this, use the command given below:

import ssl
import urllib.request
ssl._create_default_https_context = ssl._create_unverified_context  # applies to every later HTTPS request in this process
urllib.request.urlopen("https://google.com").read()

Updating the SSL certificate bundle using PIP

We can update our SSL certificate bundle using PIP to fix this error. PIP is a package installer for Python that lets you install and manage Python packages. The certifi package is a Python package that provides a collection of SSL certificates. By installing and upgrading the certifi package, we can update our system’s SSL certificate directory and ensure that it includes the latest SSL certificates.

To accomplish this, use the command given below:

pip install --upgrade certifi

Using the requests module and setting SSL verification to false

Another method to resolve the Python requests SSL certificate_verify_failed error is by using the requests library in Python and disabling SSL verification by changing the “verify” parameter to False.

To accomplish this, use the command given below:

import requests
requests.get(url, headers=Hostreferer, verify=False)  # url and Hostreferer (a headers dict) are defined by the caller
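An added example (not code from the original article): instead of switching verification off, this script attempts a verified handshake and maps the OpenSSL verify code carried by ssl.SSLCertVerificationError to the causes listed earlier, and it reports the two context checks that _create_unverified_context() disables. The names classify, settings and probe are illustrative, and the cafile argument assumes a bundle path such as the one returned by certifi.where().

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* codes, grouped by the causes this article lists.
CAUSES = {
    9: "certificate not yet valid",
    10: "expired certificate",
    18: "self-signed leaf certificate",
    19: "untrusted root in the chain (outdated or wrong CA bundle)",
    20: "incomplete chain or outdated CA bundle (issuer not found)",
    21: "incomplete chain (leaf signature cannot be verified)",
    23: "revoked certificate",
    62: "certificate does not match the hostname",
}


def classify(exc):
    """Map an ssl.SSLCertVerificationError to a likely cause."""
    code = getattr(exc, "verify_code", None)
    detail = getattr(exc, "verify_message", "") or str(exc)
    return CAUSES.get(code, "other verification failure") + f" [{code}: {detail}]"


def settings(ctx):
    """Return the two checks that decide whether the peer is authenticated."""
    return ctx.verify_mode.name, ctx.check_hostname


def probe(host, port=443, cafile=None, timeout=5.0):
    """Attempt a fully verified handshake; return 'ok' or the classified cause."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile=None: system defaults
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return classify(exc)


if __name__ == "__main__":
    import sys
    print(settings(ssl.create_default_context()))      # verifying context
    print(settings(ssl._create_unverified_context()))  # what the workaround turns off
    for name in sys.argv[1:]:                           # hostnames to diagnose
        print(name, "->", probe(name))
```

Run it with one or more hostnames as arguments; the reported cause tells you whether the fix belongs on the server (renew the certificate, serve the full chain) or on the client (update the CA bundle).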

The certificate_verify_failed error occurs when the client cannot verify the server’s SSL certificate. The error can be caused by an expired or invalid SSL certificate, issues with the SSL certificate chain, or obsolete Python default certificates. To resolve this error, one can create an SSL context without certificate verification, disable verification in the default HTTPS context, update the cert bundle using PIP, or use the requests module and set SSL verification to false.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.