如何在 Python3 中使用自签名证书 [英] How to use self-signed certificate in Python3
问题描述
我在 Windows Server 2012 R2 [WSUS Server - 10.66.194.98] [Dec15.cer] 中生成了自签名证书,并在所有WSUS 管理"网站中启用了 SSL.现在我想在python代码中使用这个来与服务器联系.
I've generated a self-signed certificate in Windows Server 2012 R2 [WSUS Server - 10.66.194.98] [Dec15.cer] and enabled SSL in all 'WSUS Administration' website. Now I want to use this in python code to contact with the server.
我遇到了以下错误
错误:主机无法访问 [HTTPSConnectionPool(host='10.66.194.98', port=8531): Max retries exceeded with url:/ApiRemoting30/WebService.asmx (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED)] 证书验证失败 (_ssl.c:833)'),))]
ERROR: Host not reachable [HTTPSConnectionPool(host='10.66.194.98', port=8531): Max retries exceeded with url: /ApiRemoting30/WebService.asmx (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)'),))]
这是我试过的.
wsusutil.exe configuressl 10.66.194.98
wsusutil.exe configuressl 10.66.194.98
然后我将 Dec15.cer 复制到 python 根目录.并运行以下代码
Then I copied the Dec15.cer to python root directory. and ran the below code
from requests import Session
from requests_ntlm import HttpNtlmAuth
user = 'administrator'
password = '******'
session = Session()
session.cert = session.verify = 'Dec15.cer'
# session.verify = False
session.auth = HttpNtlmAuth(user, password)
print(session.get("https://10.66.194.98:8531/ApiRemoting30",
verify=session.verify,
cert=session.cert))
推荐答案
虽然有问题的证书 Dec15.cer 是自签名证书,但它没有基本约束 CA:true:
While the certificate in question Dec15.cer is a self-signed certificate it does not have basic constraints CA:true:
$ openssl x509 -text -in Dec15.cer
...
X509v3 extensions:
X509v3 Key Usage:
Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
但是,正如我在评论中已经说过的,requests 中给 verify 参数的证书必须是 CA 证书,即具有基本约束 CA:真的.
But, as I already said in a comment, the certificates given to the verify parameter in requests must be CA certificates, i.e. have basic constraints CA:true.
这篇关于如何在 Python3 中使用自签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
