Solved: Re: SSL error in python

Adrian41 · ‎02-27-2023

Hello,

I am making API calls via python script in "Pycharm". Every call I make fails with

requests.exceptions.SSLError: HTTPSConnectionPool(host='api.meraki.com', port=443): Max retries exceeded with url: /api/v1/organizations/xxxxx/networks (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

I can get around this by adding a verify=false header but I want to fix it properly.

I think I fix this with the header verify=[path to raw CA Bundle]

is that correct? and if so, where do I get the cert bundle from?

Thanks!

Adrian41 · ‎02-28-2023

figured it out, the correct syntax is verify="path/to/cert.crt"

I used the cisco cert which i downloaded from the cisco API dashboard
https://developer.cisco.com/meraki/api/#!getting-started/obtaining-your-meraki-api-key

View solution in original post

Philip D'Ath · ‎02-27-2023

I used this command to show the certificate being used:

openssl s_client -connect api.meraki.com:443 2>/dev/null | openssl x509 -noout -text

It shows the issuer to be:

Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1

So you would need to load in one of the Digicert root certificates:

https://www.digicert.com/kb/digicert-root-certificates.htm

More info:

Adrian41 · ‎02-28-2023

thanks!

Adrian41 · ‎02-28-2023

😞 Im still having trouble.

I installed a few of the certs into my cert store which didnt work, so I then put them in a folder and just added a header in the code to point to it (I tried verify= and cert=).

Still didnt work - Im not sure what to do next. I just get errors saying unable to get local issuer certificate (_ssl.c:992

I spoke to support for Pycharm and they said the correct method is specified by the API and not pycharm 😞

Adrian41 · ‎02-28-2023

figured it out, the correct syntax is verify="path/to/cert.crt"

I used the cisco cert which i downloaded from the cisco API dashboard
https://developer.cisco.com/meraki/api/#!getting-started/obtaining-your-meraki-api-key

Jun Sarceno · ‎06-21-2023

I am using Windows and getting the similar error to yours:

requests.exceptions.SSLError: HTTPSConnectionPool(host='api.meraki.com', port=443): Max retries exceeded with url: /api/v1/organizations/xxxxx/networks (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

Where in the API Dashboard did you get the Cert?

I can user Postman with no SSL issue but I need to use Python for other scripts. Can't get pass the SSL: error.

Thanks

hstruckm · ‎03-05-2023

@Adrian41 are you using a Apple M1/M2 Mac? Your python / pycharm environment could have an effect on SSL as well? Under normal circumstances you should not need to download Certificates for Meraki API

Holger Struckmann
CCIE #60154

Adrian41 · ‎03-06-2023

Hello,
No, just plain windows.

Matq · ‎09-19-2024

HI,

I have the same issue and i'm using a Apple M1.

here is the error message:

"2024-09-19 22:26:12 meraki.aio: WARNING > organizations, getOrganizationAdmins > https://api.meraki.com/api/v1/organizations/1128782/admins - Cannot connect to host api.meraki.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)')], retrying in 1 second"

Any idea?

Philip D'Ath · ‎09-19-2024

The solution to this is above:
https://community.meraki.com/t5/Developers-APIs/SSL-error-in-python/m-p/186312/highlight/true#M7688

Note that if your company is using transparent TLS inspection (which I think it is, because you are getting a warning about a self signed certificate) then you will need to get that certificate from your comany instead.

Matq · ‎09-19-2024

Hi

Thank you for your reply. I managed to to fix it after my post.

On mac, when you install python, the is a exe named: "Install Certificates.command: in the /Application/Python 3.12/

After executing it, it fixed the issue.

No need to chaneg the meraki script.

cheers,

Mat

janki-p12 · ‎05-15-2025

The error message CERTIFICATE_VERIFY_FAILED that you are facing while making API calls via Python is a type of standard error that users using a Python environment usually face. The error occurs when making HTTPS requests using the requests module in Python.

When the client’s browser affirms that the SSL certificate is valid and authentic, it establishes the connection. But if the client cannot confirm the server’s originality through the Secure Socket Layer certificate, the certificate_verify_failed error will pop up. There are different reasons such as:-

1) Expired or Invalid SSL Certificate

2) The issue with the SSL Certificate Chain

3) Obsolete Python Default Certificates

As, their many ways to fix the error, you need to understand it in detail. I found the helpful resource guide:- https://cheapsslweb.com/blog/ssl-certificate-verify-failed-error-in-python/ for the error that was being faced.

I hope it helps!