https://community.cisco.com/t5/network-access-control/create-internal-user-python-script/m-p/4405462#M567384 <P>You are most likely using an untrusted, self-signed certificate on your ISE node and the Python SSL library does not like that. Also you seem to be explicitly trying to use <FONT face="courier new,courier">ssl.PROTOCOL_TLSv1</FONT> and perhaps your ISE node has TLS 1.0 disabled for security reasons? I don't know why you want to specifically use TLS 1.0 in your script but make sure you have enabled it:<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/120757i832E3B92A2AE9725/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Wed, 19 May 2021 14:39:41 GMT thomas 2021-05-19T14:39:41Z https://community.cisco.com/t5/network-access-control/create-internal-user-python-script/m-p/4405349#M567378 <P>Hi Everyone</P><P><SPAN>&nbsp;I&nbsp;&nbsp;</SPAN>would like to create internal&nbsp; users using Python script.&nbsp;&nbsp;<SPAN>I have installed 3.9.2 Python and saved the .py file and run the execution using ERS SDK guide for ISE</SPAN></P><P>&nbsp;</P><P><SPAN>I got this error while run the code through&nbsp; command line&nbsp;</SPAN></P><P><SPAN><BR />ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>This is my code&nbsp;</P><P>&nbsp;</P><P>#!/usr/bin/env python</P><P>import http.client<BR />import base64<BR />import ssl<BR />import sys<BR />import urllib3<BR />urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)</P><P>#parameters<BR />name = sys.argv[4] # "chris"<BR />first = sys.argv[5] # "Chris"<BR />last = sys.argv[6] # "Colombus"<BR />passwd = sys.argv[7] # "Password1"<BR />email = sys.argv[8] # "chris@gh.com"<BR />expiry_date = sys.argv[9] # "2021-12-30"</P><P># host and authentication credentials<BR />host = sys.argv[1] # "192.168.31.15"<BR />user = sys.argv[2] # "ersad"<BR />password = sys.argv[3] # "oFlPRrne1"</P><P><BR />conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))</P><P>creds = str.encode(':'.join((user, password)))<BR />encodedAuth = bytes.decode(base64.b64encode(creds))</P><P>req_body_json = """ {{<BR />"InternalUser" : {{<BR />"name" : "{}",<BR />"enabled" : true,<BR />"email" : "{}",<BR />"password" : "{}",<BR />"firstName" : "{}",<BR />"lastName" : "{}",<BR />"changePassword" : true,<BR />"expiryDateEnabled" : true,<BR />"expiryDate" : "{}",<BR />"enablePassword" : "{}",<BR />"customAttributes" : {{<BR />}},<BR />"passwordIDStore" : "Internal Users"<BR />}}<BR />}}<BR />""".format(name,email,passwd,first,last,expiry_date,passwd)</P><P>headers = {<BR />'accept': "application/json",<BR />'content-type': "application/json",<BR />'authorization': " ".join(("Basic",encodedAuth)),<BR />'cache-control': "no-cache",<BR />}</P><P>conn.request("POST", "/ers/config/internaluser/", headers=headers, body=req_body_json)</P><P>res = conn.getresponse()<BR />data = res.read()</P><P>print("Status: {}".format(res.status))<BR />print("Header:\n{}".format(res.headers))<BR />print("Body:\n{}".format(data.decode("utf-8")))</P><P>&nbsp;</P><P>Any help would appreciated&nbsp;&nbsp;</P><P>&nbsp;</P> Wed, 19 May 2021 11:38:22 GMT https://community.cisco.com/t5/network-access-control/create-internal-user-python-script/m-p/4405349#M567378 Richie20 2021-05-19T11:38:22Z https://community.cisco.com/t5/network-access-control/create-internal-user-python-script/m-p/4405462#M567384 <P>You are most likely using an untrusted, self-signed certificate on your ISE node and the Python SSL library does not like that. Also you seem to be explicitly trying to use <FONT face="courier new,courier">ssl.PROTOCOL_TLSv1</FONT> and perhaps your ISE node has TLS 1.0 disabled for security reasons? I don't know why you want to specifically use TLS 1.0 in your script but make sure you have enabled it:<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/120757i832E3B92A2AE9725/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Wed, 19 May 2021 14:39:41 GMT https://community.cisco.com/t5/network-access-control/create-internal-user-python-script/m-p/4405462#M567384 thomas 2021-05-19T14:39:41Z https://community.cisco.com/t5/network-access-control/create-internal-user-python-script/m-p/4405494#M567386 <P>the TLS 1.0 is already enabled in the ISE node but I still get the same error as&nbsp; well&nbsp;</P> Thu, 20 May 2021 13:25:50 GMT https://community.cisco.com/t5/network-access-control/create-internal-user-python-script/m-p/4405494#M567386 Richie20 2021-05-20T13:25:50Z https://community.cisco.com/t5/network-access-control/create-internal-user-python-script/m-p/4406519#M567455 <P><SPAN>the TLS 1.0 is already enabled in the ISE node but I still get the same error as&nbsp; well&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Any help is welcomed </SPAN></P> Fri, 21 May 2021 10:20:04 GMT https://community.cisco.com/t5/network-access-control/create-internal-user-python-script/m-p/4406519#M567455 Richie20 2021-05-21T10:20:04Z