On Jul 28, 3:29 am, Nick Craig-Wood <n...@craig-wood.com> wrote:
> jakecjacobson <jakecjacob...@gmail.com> wrote:
> > I am getting the following error when doing a post to REST API,
>
> > Enter PEM pass phrase:
> > Traceback (most recent call last):
> >   File "./ices_catalog_feeder.py", line 193, in ?
> >     main(sys.argv[1])
> >   File "./ices_catalog_feeder.py", line 60, in main
> >     post2Catalog(catalog_host, catalog_port, catalog_path, os.path.join(input_dir, file), collection_name, key_file, cert_file)
> >   File "./ices_catalog_feeder.py", line 125, in post2Catalog
> >     connection.request('POST', path, parameters, head)
> >   File "/usr/lib/python2.4/httplib.py", line 810, in request
> >     self._send_request(method, url, body, headers)
> >   File "/usr/lib/python2.4/httplib.py", line 833, in _send_request
> >     self.endheaders()
> >   File "/usr/lib/python2.4/httplib.py", line 804, in endheaders
> >     self._send_output()
> >   File "/usr/lib/python2.4/httplib.py", line 685, in _send_output
> >     self.send(msg)
> >   File "/usr/lib/python2.4/httplib.py", line 652, in send
> >     self.connect()
> >   File "/usr/lib/python2.4/httplib.py", line 1079, in connect
> >     ssl = socket.ssl(sock, self.key_file, self.cert_file)
> >   File "/usr/lib/python2.4/socket.py", line 74, in ssl
> >     return _realssl(sock, keyfile, certfile)
> > socket.sslerror: (1, 'error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate')
>
> > My code where this error occurs is:
>
> > head = {"Content-Type" : "application/x-www-form-urlencoded",
> >         "Accept" : "text/plain"}
> > parameters = urlencode({"collection" : collection, "entryxml" : open(file,'r').read()})
> > print "Sending the file to: " + host
>
> > try:
> >     try:
> >         # Default port is 443.
> >         # key_file is the name of a PEM formatted file that contains your private key.
> >         # cert_file is a PEM formatted certificate chain file.
> >         connection = httplib.HTTPSConnection(host, int(port), key_file, cert_file)
> >         connection.request('POST', path, parameters, head)
> >         response = connection.getresponse()
> >         print response.status, response.reason
> >     except httplib.error, (value,message):
> >         print value + ':' + message
> > finally:
> >     connection.close()
>
> > I was wondering if this is due to the server having an invalid server
> > cert?
>
> I'd say judging from the traceback you messed up key_file or cert_file
> somehow.
>
> Try using the openssl binary on them (read the man page to see how!)
> to check them out.
>
> > If I go to this server in my browser, I get a "This server tried to
> > identify itself with invalid information". Is there a way to
> > ignore this issue with Python? Can I set up a trust store and add
> > this server to the trust store?
>
> Invalid how? Self signed certificate? Domain mismatch? Expired certificate?
>
> --
> Nick Craig-Wood <n...@craig-wood.com> -- http://www.craig-wood.com/nick

Nick,

Thanks for the help on this. I will check my steps on openssl again and see if I messed up. What I tried to do was:

1. Save my PKI cert to disk. It was saved as a P12 file
2. Use openssl to convert it to the needed .pem file type
3. Saved the CA that my cert was signed by as a .crt file

These are the 2 files that I was using for key_file and
* cert_file -> CA
* key_file -> my PKI cert converted to a .pem file

"Invalid how? Self signed certificate? Domain mismatch? Expired certificate?"

It is a server name mismatch.

For everyone that wants to discuss why we shouldn't do this, great but I can't change the fact that I need to do this. I can't use http or even get a correct cert at this time. This is a quick and dirty project to demonstrate capability. I need something more than slide show briefs.

--
http://mail.python.org/mailman/listinfo/python-list
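
Added example, not part of the original thread or either poster's code: a pre-flight check for the file mix-up described above, where cert_file pointed at the CA certificate instead of the client certificate. It assumes the PEM converted from the P12 file holds both the private key and the client certificate (the openssl pkcs12 default); the function names, finding codes and sample PEM bodies are constructed for illustration.

```python
import re

# One PEM block: captures the label and everything between the markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, body)] for each PEM block, skipping text between
    blocks such as the 'Bag Attributes' lines that openssl pkcs12 writes."""
    return [(label, "".join(body.split()))
            for label, body in PEM_BLOCK.findall(text)]

def check_client_files(key_text, cert_text):
    """Return finding codes for a key_file / cert_file pair (empty = OK)."""
    findings = []
    key_blocks = pem_blocks(key_text)
    bundled = [body for label, body in key_blocks if label == "CERTIFICATE"]
    certs = [body for label, body in pem_blocks(cert_text)
             if label == "CERTIFICATE"]
    if not any(label.endswith("PRIVATE KEY") for label, _ in key_blocks):
        findings.append("NO_PRIVATE_KEY")
    if not certs:
        findings.append("NO_CERTIFICATE")
    elif bundled and certs[0] not in bundled:
        # A chain file must start with the client's own certificate.
        # Heuristic: that certificate should be one exported with the key.
        findings.append("CERT_NOT_BUNDLED_WITH_KEY")
    return findings

# Constructed samples: the base64 bodies are placeholders, not real keys.
SAMPLE_P12_PEM = """Bag Attributes
    friendlyName: constructed sample
-----BEGIN ENCRYPTED PRIVATE KEY-----
S0VZLVBMQUNFSE9MREVS
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
    friendlyName: constructed sample
-----BEGIN CERTIFICATE-----
Q0xJRU5ULUNFUlQ=
-----END CERTIFICATE-----
"""
SAMPLE_CA_CRT = """-----BEGIN CERTIFICATE-----
Q0EtQ0VSVA==
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    # The pairing from the thread: key_file = converted P12, cert_file = CA.
    print(check_client_files(SAMPLE_P12_PEM, SAMPLE_CA_CRT))
```

A clean result only says the files hold the right kinds of PEM blocks; it does not prove that the key and certificate match cryptographically.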