This has nothing to do with Airflow. It's about which certificates are used by the `requests` library.
You need to configure your system that airflow is installed at to include the right certificates. Just googled it and seems that this thread has many ideas you can try: https://stackoverflow.com/questions/10667960/python-requests-throwing-sslerror It also includes the command you can run on your system without involving airflow, so you can test and iterate quickly on it. Good luck :) J. On Wed, Aug 18, 2021 at 5:32 PM Dhiddi Sunil <[email protected]> wrote: > > > Hi Team, > > > > Can someone please advice, > > > > > > we are facing an issue "SSLCertVerificationError" when we are running > load balancer by invoking web api using request.get method from airflow. > > > > Here is the example > > requests.get(https://odisstgbk.abc.com/....,verify=False) > > > > Error Message : > > HTTPSConnectionPool(host='odisstgbk.abc.com', port=443): Max retries > exceeded with url: > /odis/sendEmail?processId=af894c13-77b5-4d9b-98bf-24833f16a8e8&status=FAILED&mails=venkatesh_gurram% > 40optum.com (Caused by SSLError(SSLCertVerificationError(1, '[SSL: > CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed > certificate in certificate chain (_ssl.c:1076)'))). > > Though we are adding verify=False parameter we are getting same issue. > > > > Please help us to resolve this issue ASAP. > > > > The certificate applied to odisstgbk.abc.com is an abcCA signed > certificate that is valid until 7/29/2022. > > Please ensure you have the abcCA root certificates in your trust store > (contact Certificate Services team if you need them). > > If you need the certificate changed from abc CA to Comodo CA, the VIP > owner will need to submit a request through the API system (as the VIP is > in OSFI) to change the certificate type. > > > > > > > > > > I found below 2 n cfg file, what exactly I need to fill for below two in > cfg file ? > > > > > > # Paths to the SSL certificate and key for the web server. When both are # > provided SSL will be enabled. This does not change the web server port. > > web_server_ssl_cert = > > # Paths to the SSL certificate and key for the web server. When both are # > provided SSL will be enabled. This does not change the web server port. > > web_server_ssl_key = > > > This e-mail, including attachments, may include confidential and/or > proprietary information, and may be used only by the person or entity > to which it is addressed. If the reader of this e-mail is not the intended > recipient or his or her authorized agent, the reader is hereby notified > that any dissemination, distribution or copying of this e-mail is > prohibited. If you have received this e-mail in error, please notify the > sender by replying to this message and delete this e-mail immediately. > -- +48 660 796 129
