Getting SSL: CERTIFICATE_VERIFY_FAILED error when trying to connect to vcenter or esxi server
6,664 views
Skip to first unread message
Shilpa P
Dec 17, 2014, 12:22:56 AM12/17/14
to pysp...@googlegroups.com
I'm executing the below code and I'm getting errors on the third line:
from pysphere import *
vSphereServer=VIServer()
vSphereServer.connect("192.168.212.137","root","password")
vSphereServer=VIServer()
vSphereServer.connect("192.168.212.137","root","password")
----------------------error------------------------------------------------------------
Traceback (most recent call last):
File "<pyshell#12>", line 1, in <module>
vSphereServer.connect("192.168.212.137", "root", "innominds")
File "build\bdist.win32\egg\pysphere\vi_server.py", line 101, in connect
request)._returnval
File "build\bdist.win32\egg\pysphere\resources\VimService_services.py", line 2112, in RetrieveServiceContent
self.binding.Send(None, None, request, soapaction="urn:vim25/5.1", **kw)
File "build\bdist.win32\egg\pysphere\ZSI\client.py", line 295, in Send
self.local.h.connect()
File "C:\Python27\lib\httplib.py", line 1216, in connect
server_hostname=server_hostname)
File "C:\Python27\lib\ssl.py", line 350, in wrap_socket
_context=self)
File "C:\Python27\lib\ssl.py", line 566, in __init__
self.do_handshake()
File "C:\Python27\lib\ssl.py", line 788, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
File "<pyshell#12>", line 1, in <module>
vSphereServer.connect("192.168.212.137", "root", "innominds")
File "build\bdist.win32\egg\pysphere\vi_server.py", line 101, in connect
request)._returnval
File "build\bdist.win32\egg\pysphere\resources\VimService_services.py", line 2112, in RetrieveServiceContent
self.binding.Send(None, None, request, soapaction="urn:vim25/5.1", **kw)
File "build\bdist.win32\egg\pysphere\ZSI\client.py", line 295, in Send
self.local.h.connect()
File "C:\Python27\lib\httplib.py", line 1216, in connect
server_hostname=server_hostname)
File "C:\Python27\lib\ssl.py", line 350, in wrap_socket
_context=self)
File "C:\Python27\lib\ssl.py", line 566, in __init__
self.do_handshake()
File "C:\Python27\lib\ssl.py", line 788, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
-----can some one help me how to rectify this or is there a way to skip this certificate check-----------
Mi-e Foame
Dec 18, 2014, 3:54:29 PM12/18/14
to pysp...@googlegroups.com
I have this problem as well. It's because the Python 3 ssl library was backported to 2.7.9. I'm still trying to figure out what exactly I need to do to avoid this error in pysphere beyond downgrading to Python 2.7.8...
Mi-e Foame
Dec 18, 2014, 3:57:57 PM12/18/14
to pysp...@googlegroups.com
It looks like there are two official suggestions for getting the 2.7.8 behavior at https://www.python.org/dev/peps/pep-0476/#opting-out ... I'm thinking that pysphere would require the global monkey patch or an actual update to the pysphere code.
Peter Gallagher
Mar 14, 2015, 2:32:58 PM3/14/15
to pysp...@googlegroups.com
As a workaround you can do the following, which does not alter the default behaviour of the SSL module long term, but allows you to bypass the untrusted cert short-term:
Regards,
Peter
import ssl
from pysphere import VIServer
default_context = ssl._create_default_https_context
server = VIServer()
try:
ssl._create_default_https_context = ssl._create_unverified_context
server.connect("192.168.1.10", "username", "password")
print "Connected to {} {}".format(server.get_server_type(), server.get_api_version())
finally:
ssl._create_default_https_context = default_context
Regards,
Peter
Bryan Duff
Jun 2, 2015, 5:22:08 PM6/2/15
to pysp...@googlegroups.com
So any thoughts on adding a flag to do this behavior instead? Or are there ssl module options to use?
Because it looks like this happens beyond the initial connection (server.get_registered_vms() - same problem (after successfully connecting and showing the API using this workaround).
-Bryan
Bryan Duff
Jun 2, 2015, 5:49:46 PM6/2/15
to pysp...@googlegroups.com
Nevermind, I see now, disregard previous post.
-Bryan
abhiram potluri
Feb 17, 2016, 6:36:26 PM2/17/16
to pysphere
Hi Bryan,
What exactly did you do to get get_registered_vms() working? I still get the SSL certificate verify failed. I was able to do the workaround with the ssl default context to unverified account. Also I am also able to see a connection object present after the vserver.connect but I get ssl error again at get_registered_vms()
CODE:
def connect_vsphere():
global vserver
default_context = ssl._create_default_https_context
vserver = pysphere.VIServer()
try:
ssl._create_default_https_context = ssl._create_unverified_context
vserver.connect(esx_ip,esx_username,esx_password)
finally:
ssl._create_default_https_context = default_context
def close_vsphere():
vserver.close()
connect_vsphere()
print vserver
vmlist = vserver.get_registered_vms()
print vmlist
close_vsphere()
Output:
<pysphere.vi_server.VIServer instance at 0x102c8a878>
What exactly did you do to get get_registered_vms() working? I still get the SSL certificate verify failed. I was able to do the workaround with the ssl default context to unverified account. Also I am also able to see a connection object present after the vserver.connect but I get ssl error again at get_registered_vms()
CODE:
def connect_vsphere():
global vserver
default_context = ssl._create_default_https_context
vserver = pysphere.VIServer()
try:
ssl._create_default_https_context = ssl._create_unverified_context
vserver.connect(esx_ip,esx_username,esx_password)
finally:
ssl._create_default_https_context = default_context
def close_vsphere():
vserver.close()
connect_vsphere()
print vserver
vmlist = vserver.get_registered_vms()
print vmlist
close_vsphere()
Output:
<pysphere.vi_server.VIServer instance at 0x102c8a878>
Traceback (most recent call last):
File "webserver_refresh.py", line 29, in <module>
vmlist = vserver.get_registered_vms()
File "build/bdist.macosx-10.11-intel/egg/pysphere/vi_server.py", line 394, in get_registered_vms
File "build/bdist.macosx-10.11-intel/egg/pysphere/vi_server.py", line 717, in _retrieve_properties_traversal
File "build/bdist.macosx-10.11-intel/egg/pysphere/vi_server.py", line 733, in call_retrieve_properties_ex
File "build/bdist.macosx-10.11-intel/egg/pysphere/resources/VimService_services.py", line 112, in RetrievePropertiesEx
File "build/bdist.macosx-10.11-intel/egg/pysphere/ZSI/client.py", line 295, in Send
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1274, in connect
server_hostname=server_hostname)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 352, in wrap_socket
_context=self)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 579, in __init__
self.do_handshake()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 808, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
vmlist = vserver.get_registered_vms()
File "build/bdist.macosx-10.11-intel/egg/pysphere/vi_server.py", line 394, in get_registered_vms
File "build/bdist.macosx-10.11-intel/egg/pysphere/vi_server.py", line 717, in _retrieve_properties_traversal
File "build/bdist.macosx-10.11-intel/egg/pysphere/vi_server.py", line 733, in call_retrieve_properties_ex
File "build/bdist.macosx-10.11-intel/egg/pysphere/resources/VimService_services.py", line 112, in RetrievePropertiesEx
File "build/bdist.macosx-10.11-intel/egg/pysphere/ZSI/client.py", line 295, in Send
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1274, in connect
server_hostname=server_hostname)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 352, in wrap_socket
_context=self)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 579, in __init__
self.do_handshake()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 808, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Bertrand Bourgier
Jul 21, 2016, 3:43:24 AM7/21/16
to pysphere
Hi,
I guess you already worked it out but for others to have it as well:
the issue comes with the "finally" clause.
removing it fixes the issue.
Working code (at least for me) is:
import sslfrom pysphere import VIServer
esx_ip = "0.0.0.0"esx_username = "foo"esx_password = "foo"
vserver = VIServer()print "vserver: AFTER CREATION - [{}] [{}]".format(vserver.get_server_type(), vserver.get_api_version())
def connect_vsphere(): default_context = ssl._create_default_https_context try: ssl._create_default_https_context = ssl._create_unverified_context vserver.connect(esx_ip,esx_username,esx_password) finally: ##DO NOT DO the following line or else you'll get "ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed" error ##ssl._create_default_https_context = default_context print "vserver: AFTER CONNECTION - [{}] [{}]".format(vserver.get_server_type(), vserver.get_api_version())
def close_vsphere(): vserver.disconnect()
connect_vsphere()
if vserver.get_server_type(): vmlist = vserver.get_registered_vms() print "vmlist:" print vmlistelse: print "vserver EMPTY - Connection Failed"
close_vsphere()Regards.
Bertrand
Reply all
Reply to author
Forward
0 new messages