Minio Python API Client: CERTIFICATE_VERIFY_FAILED with self signed certificate


I am using the Minio Python API client to access a Minio server running in a docker container. I have configured SSL by mounting the (self signed) public and private key into the container.

SSL appears to be working fine with curl, when I pass the CA certificate:

$ https_proxy= curl --cacert deploy/minio/certs/cacert.pem --resolve minio:2000:127.0.0.1 https://minio:2000
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied.</Message><Resource>/</Resource><RequestId>1567BC9DB72456EE</RequestId><HostId>3L137</HostId></Error>$

But the Python client doesn’t work:

MaxRetryError: HTTPSConnectionPool(host='localhost', port=2000): Max retries exceeded with url: /files.ips.bucket/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))

Here’s how I set up the connection:

# Settings module
import os

MINIO_ENDPOINT = os.environ.get('MINIO_STORAGE_ENDPOINT', "localhost:2000")
MINIO_ACCESS_KEY = os.environ.get('MINIO_ACCESS_KEY')
MINIO_SECRET_KEY = os.environ.get('MINIO_SECRET_KEY')
MINIO_REGION = None
MINIO_USE_HTTPS = True

# Connection setup; `settings` is the module holding the values above
from minio import Minio

connection = Minio(settings.MINIO_ENDPOINT,
                   settings.MINIO_ACCESS_KEY,
                   settings.MINIO_SECRET_KEY,
                   settings.MINIO_USE_HTTPS,
                   settings.MINIO_REGION)

I have searched the docs and Google to no avail - how do I tell the Python client to check against my root certificate?

Issue Analytics

  • State: closed
  • Created: 5 years ago
  • Comments: 12 (3 by maintainers)

Top GitHub Comments

4 reactions
solarist commented, Jul 16, 2021

Without proxy would be something like this:


from minio import Minio
import urllib3

# Pool manager that verifies the server certificate against the given CA bundle
httpClient = urllib3.PoolManager(
    cert_reqs='CERT_REQUIRED',
    ca_certs='/usr/local/share/ca-certificates/CA-Bundle.crt')
minioClient = Minio('your_hostname.sampledomain.com:9000',
                    access_key='ACCESS_KEY',
                    secret_key='SECRET_KEY',
                    secure=True,
                    http_client=httpClient)

3 reactions
solarist commented, Apr 20, 2020

@zhangtai try something like this, maybe it helps.

from minio import Minio
import urllib3

# Proxy manager that verifies the server certificate against the given CA bundle
httpClient = urllib3.ProxyManager(
    'https://proxy_host.sampledomain.com:8119/',
    timeout=urllib3.Timeout.DEFAULT_TIMEOUT,
    cert_reqs='CERT_REQUIRED',
    ca_certs='/usr/local/share/ca-certificates/CA-Bundle.crt'
)
minioClient = Minio('your_hostname.sampledomain.com:9000',
                    access_key='ACCESS_KEY',
                    secret_key='SECRET_KEY',
                    secure=True,
                    http_client=httpClient)

The file that ca_certs points to should have the full chain of certificates. For a general way to produce one, see here or any other tutorial on how to get the certificate chain right. Another option besides setting ca_certs in your http_client is to set the environment variable SSL_CERT_FILE to the path of the file.
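A pre-flight check for the CA file before it is passed as ca_certs or exported as SSL_CERT_FILE, added here as an example; it is not code from the issue or from minio-py. It uses only the standard library, the function names are hypothetical, and the values in the `__main__` block are the ones from the curl command in the issue.

```python
import os
import re
import socket
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def resolve_ca_file(ca_certs=None, environ=os.environ):
    """Return the CA file to trust: explicit ca_certs, else SSL_CERT_FILE."""
    path = ca_certs or environ.get("SSL_CERT_FILE")
    if not path:
        raise ValueError("no CA file: pass ca_certs or set SSL_CERT_FILE")
    if not os.path.isfile(path):
        raise FileNotFoundError(path)
    return path


def count_pem_certs(path):
    """Count certificate blocks in the bundle (root plus any intermediates)."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return len(PEM_CERT.findall(fh.read()))


def verifying_context(ca_file):
    """TLS context that trusts only ca_file and still checks the hostname."""
    if count_pem_certs(ca_file) == 0:
        raise ValueError(f"{ca_file}: no PEM certificate blocks found")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.load_verify_locations(cafile=ca_file)  # raises if OpenSSL cannot parse it
    return ctx


def probe(connect_host, port, verify_name, ca_file, timeout=5.0):
    """Handshake like curl --cacert/--resolve; return the peer subject."""
    ctx = verifying_context(ca_file)
    with socket.create_connection((connect_host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=verify_name) as tls:
            return tls.getpeercert()["subject"]


if __name__ == "__main__":
    # Values from the issue: server on 127.0.0.1:2000, certificate name "minio".
    ca = resolve_ca_file("deploy/minio/certs/cacert.pem")
    print(probe("127.0.0.1", 2000, "minio", ca))
```

A handshake that succeeds with verify_name set to the name in the certificate but fails with the name the client connects to indicates a hostname mismatch rather than a missing CA.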
