airflow-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jarek Potiuk <ja...@potiuk.com>
Subject Re: SSLCertVerificationError while invoking API from AIRFLOW
Date Wed, 18 Aug 2021 15:52:05 GMT
This has nothing to do with Airflow. It's about which certificates are used
by the `requests` library.

You need to configure your system that airflow is installed at to include
the right certificates. Just googled it and seems that this thread has many
ideas you can try:
https://stackoverflow.com/questions/10667960/python-requests-throwing-sslerror

It also includes the command you can run on your system without involving
airflow, so you can test and iterate quickly on it.

Good luck :)

J.

On Wed, Aug 18, 2021 at 5:32 PM Dhiddi Sunil <sunil_dhiddi@optum.com> wrote:

>
>
> Hi Team,
>
>
>
> Can someone please advice,
>
>
>
>
>
> we are facing an issue "SSLCertVerificationError" when we  are running
> load balancer by invoking web api using request.get method from airflow.
>
>
>
> Here is the example
>
> requests.get(https://odisstgbk.abc.com/....,verify=False)
>
>
>
> Error Message :
>
> HTTPSConnectionPool(host='odisstgbk.abc.com', port=443): Max retries
> exceeded with url:
> /odis/sendEmail?processId=af894c13-77b5-4d9b-98bf-24833f16a8e8&status=FAILED&mails=venkatesh_gurram%
> 40optum.com (Caused by SSLError(SSLCertVerificationError(1, '[SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed
> certificate in certificate chain (_ssl.c:1076)'))).
>
> Though we are adding verify=False parameter we are getting same issue.
>
>
>
> Please help us to resolve this issue ASAP.
>
>
>
> The certificate applied to odisstgbk.abc.com is an abcCA signed
> certificate that is valid until 7/29/2022.
>
> Please ensure you have the abcCA root certificates in your trust store
> (contact Certificate Services team if you need them).
>
> If you need the certificate changed from abc CA to Comodo CA, the VIP
> owner will need to submit a request through the API system (as the VIP is
> in OSFI) to change the certificate type.
>
>
>
>
>
>
>
>
>
> I found below 2 n cfg file, what exactly I need to fill for below two in
> cfg file ?
>
>
>
>
>
> # Paths to the SSL certificate and key for the web server. When both are #
> provided SSL will be enabled. This does not change the web server port.
>
> web_server_ssl_cert =
>
> # Paths to the SSL certificate and key for the web server. When both are #
> provided SSL will be enabled. This does not change the web server port.
>
> web_server_ssl_key =
>
>
> This e-mail, including attachments, may include confidential and/or
> proprietary information, and may be used only by the person or entity
> to which it is addressed. If the reader of this e-mail is not the intended
> recipient or his or her authorized agent, the reader is hereby notified
> that any dissemination, distribution or copying of this e-mail is
> prohibited. If you have received this e-mail in error, please notify the
> sender by replying to this message and delete this e-mail immediately.
>


-- 
+48 660 796 129

Mime
View raw message