Linux (non-RHEL): Python code fails to connect to https, with certificate errors

Problem

Your Python code, using the urllib2 package to access any secure (https) site, fails with certificate errors.

Environment

Linux systems other than RHEL, using Canopy Python 2.7.9+ (i.e. Canopy 1.5.3 and later).

Cause

In Canopy, which is built for RHEL5, the urllib2 package does not know where to find the CA certificate bundle on arbitrary Linux distributions. (In contrast, when urllib2 is built for a particular Linux distribution as in the system Python that comes with your Linux distro, this directory location is hard-coded.)

Most robust solution

Convert your code to use the requests package rather than urllib2.

Quicker workaround on an individual system

(Admin rights required.) Create a symlink from /etc/pki/tls/ to the location where the CA certificate bundle is located on your system. For a list of these locations on various Linux distributions, see "Installing CA Certificates into the OpenSSL framework".

For example, on Ubuntu, the following steps should suffice:

sudo mkdir -p /etc/pki/tls
sudo ln -s /etc/ssl/certs /etc/pki/tls/certs

Opt out

It is sometimes possible, though risky, to opt out of certificate verification. See https://www.python.org/dev/peps/pep-0476/#opting-out 

 

Please do not enter support requests in article comments

Please use article comments for suggestions to improve the article. For individual support requests, please follow these guidelines.

Have more questions? Submit a request

Comments

  • Avatar
    salem ameen

    This article helps me a lot many thanks

Powered by Zendesk