PyKMIP: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

I’m trying to use this library for communication with Equinix SmartKey via KMIP interface (which they say is supported). I have this “certificate verify failed” exception but not sure what’s failing on my end. I did a self signed certificate and also tried to download the server’s certificate for the “ca_certs”. This is my configuration:

[client]
host=eu.smartkey.io
port=5696
certfile=/mnt/homes/oded/tmpProj/pykmip/example-com.cert.pem
keyfile=/mnt/homes/oded/tmpProj/pykmip/example-com.key.pem
ca_certs=/mnt/homes/oded/tmpProj/pykmip/smartkeycert.cer
cert_reqs=CERT_REQUIRED
ssl_version=PROTOCOL_TLS
do_handshake_on_connect=True
suppress_ragged_eofs=True
username=*** (email of smartkey user)
password=***  (password of  smartkey user)

I run the example in kmip/demos/pie/get.py and get this:

Traceback (most recent call last):
  File "get.py", line 48, in <module>
    config_file=config_file
  File "/usr/local/lib/python3.6/dist-packages/kmip/pie/client.py", line 1745, in __enter__
    self.open()
  File "/usr/local/lib/python3.6/dist-packages/kmip/pie/client.py", line 173, in open
    self.proxy.open()
  File "/usr/local/lib/python3.6/dist-packages/kmip/services/kmip_client.py", line 275, in open
    self.socket.connect((self.host, self.port))
  File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
    raise value
  File "/usr/local/lib/python3.6/dist-packages/kmip/services/kmip_client.py", line 275, in open
    self.socket.connect((self.host, self.port))
  File "/usr/lib/python3.6/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/lib/python3.6/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 21 (10 by maintainers)

Most upvoted comments

@OdedRaiches No problem! Really glad to hear that you figured it out. After my debug yesterday I wondered if the credentials were the issue. I’m also happy to hear that SmartKey works correctly.

If you run into any future problems with either PyKMIP or libkmip, don’t hesitate to let me know. Cheers!

+1
PeterHamilton on Dec 9, 2020
Read more comments on GitHub
← PyKMIP: Can't seem to get SSL to work.
openlauncher: Unable to compile project →