Hi,
My XNAT uses HTTPS instead of the default HTTP (to stop IT from shutting down the host). The configuration is via docker-compose, I have made changes in the "server" sections of nginx.conf for the nginx docker (I have attached the modified file).
The system works fine for access with the browser; I can do everything I want: make projects, assign users, etc. and always using the HTTPS protocol.
But when I want to upload a large number of NIfTI images, I prefer to use Python scripts, via the XNAT package [
https://xnat.readthedocs.io]. When I connect this way, I get the following error (see below).
I first thought it was something on the XNAT host side, because the command 'curl' gives an error as well: "curl: (60) Peer's Certificate issuer is not recognised." The certificate was given to me by my IT department, and comes from GEANT (I don't know what that is)
But then on the same local computer where Python XNAT and curl give an error, I can just access and modify XNAT projects via the browser interface. So some of my local software can just access the XNAT host, suggesting there may be a local solution.
Does anyone know what causes this (and how to solve it)? Many thanks!
===================
error message in python
===================
$ python3
Python 3.8.10 (default, Mar 15 2022, 12:22:08)
[GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import xnat;
>>> xnat.connect ( host='https://rng-xnat.ecloud.vumc.nl' )
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: connect() got an unexpected keyword argument 'host'
>>> xnat.connect ( 'https://rng-xnat.ecloud.vumc.nl' )
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='rng-xnat.ecloud.vumc.nl', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.8/dist-packages/xnat/__init__.py", line 515, in connect
redirect_check_response = requests_session.get(server)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='rng-xnat.ecloud.vumc.nl', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))