Pydap connection to a TLS/SSL server with a self-signed certificate
3 views
Skip to first unread message
Jim Fluke
Jul 12, 2024, 11:49:22 AM7/12/24
to py...@googlegroups.com
Hello,
I have a tests thredds server that running inside our VPN that is configured to use basic user authentication and TLS/SSL encryption using a self-signed certificate. This works fine for connecting with a browser by pushing through the certificate warnings, but when I try to access the data in Python using pydap I get:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1000)
At the end of the traceback. Does anyone know of a way around this?
Again, this is just for trying out the test server which is only locally accessible. When we move this to production we will use a proper CA certificate.
Thanks,
Jim
I have a tests thredds server that running inside our VPN that is configured to use basic user authentication and TLS/SSL encryption using a self-signed certificate. This works fine for connecting with a browser by pushing through the certificate warnings, but when I try to access the data in Python using pydap I get:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1000)
At the end of the traceback. Does anyone know of a way around this?
Again, this is just for trying out the test server which is only locally accessible. When we move this to production we will use a proper CA certificate.
Thanks,
Jim
Jim Fluke
Jul 12, 2024, 12:08:09 PM7/12/24
to py...@googlegroups.com
I should have
included the open_url call for this. Note that it is using the
password digest, which also part of the server configuration.
from pydap.client import open_url
dataset = open_url('http://fluke:d1ef3ce7e7c41de74192a362524ad0a460692a222d9dd796ee383b56e446d749$1$d03ce0f88475505a68bd0eb37fa570
df8120e59ccf62a4f580a55ad612f695c0e385893fe7205f7c181b221ab49bc817d4a33a2b2bb727fdc0ee3420e7e5b99e@localhost:7000/thredds/dodsC/cloudsat-data/2B-GEOPROF.P1_R05/2008/366/2008366031107_14239_
CS_2B-GEOPROF_GRANULE_P1_R05_E02_F00.hdf'
)
from pydap.client import open_url
dataset = open_url('http://fluke:d1ef3ce7e7c41de74192a362524ad0a460692a222d9dd796ee383b56e446d749$1$d03ce0f88475505a68bd0eb37fa570
df8120e59ccf62a4f580a55ad612f695c0e385893fe7205f7c181b221ab49bc817d4a33a2b2bb727fdc0ee3420e7e5b99e@localhost:7000/thredds/dodsC/cloudsat-data/2B-GEOPROF.P1_R05/2008/366/2008366031107_14239_
CS_2B-GEOPROF_GRANULE_P1_R05_E02_F00.hdf'
)
Chris Barker
Jul 12, 2024, 12:39:10 PM7/12/24
to py...@googlegroups.com
I have no idea where you would pass this in, but it looks like you need to set
SSLContext.verify_mode
on the SSLContext being used to make the request.
I'm guessing that the pydap client is using default settings for its context, but hopefully there is a way to override that.
-CHB
-CHB
--
You received this message because you are subscribed to the Google Groups "pydap" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pydap+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pydap/bb597f37-5e65-4158-81df-5aaf322d6534%40colostate.edu.
Christopher Barker, Ph.D.
Oceanographer
Emergency Response Division
NOAA/NOS/OR&R (206) 526-6959 voice
7600 Sand Point Way NE (206) 526-6329 fax
Seattle, WA 98115 (206) 526-6317 main reception
Chris....@noaa.gov
Reply all
Reply to author
Forward
0 new messages