IdentityPython/pysaml2

unable to get local issuer certificate

chaoqunya opened this issue · 1 comment

requests.exceptions.SSLError: HTTPSConnectionPool(host='my.idp.com', port=443): 
  Max retries exceeded with url: /api/saml/metadata/entities/%7Bsha1%7Dabcdefg 
  (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] 
    certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))

my.idp.com is hosted internally with its own certificate. I have exported its certificate from Chrome as my.idp.com.cert and used it in the metadata config:

'metadata': {
    'mdq': [{
        'url': 'https://my.idp.com/api/saml/metadata',
        'cert': os.path.join(BASE_DIR, 'my.idp.com.cert'),
    }],
},

This error still occurs even if I set "verify_ssl_cert": False and "disable_ssl_certificate_validation": True.

Code Version

djangosaml2 1.8.0
pysaml2 7.4.2

Hi, the certificate configured for a metadata source is the certificate that is expected to sign the XML metadata, not the one protecting the HTTPS URL.

The HTTPS URL is still expected to be using a certificate trusted by the system/Python certificate store...
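The following is an added example, not code from the issue or from pysaml2, showing how to act on the maintainer's distinction in a Django settings module: the mdq `cert` stays the metadata-signing certificate, and TLS trust for the MDQ URL is handed to `requests`, which is the HTTP client in the traceback above and which honours the `REQUESTS_CA_BUNDLE` environment variable. It assumes the trust anchor you add is the internal CA's certificate (or the server certificate itself only if it is self-signed); a Chrome export of my.idp.com's own leaf certificate is not a trust anchor for an issued chain. The function names and the PEM body are hypothetical placeholders constructed for the example.

```python
"""Added example (not from the issue or from pysaml2): keep the mdq `cert` for
metadata-signature verification and give `requests`, which pysaml2 uses for
the MDQ fetch, a CA bundle that includes the internal root.

Names (build_ca_bundle, configure_tls_trust, INTERNAL_ROOT_PEM) are hypothetical;
the PEM body below is a constructed placeholder, not a real certificate.
"""
import os
import re
import ssl
from typing import List, Optional

# One PEM certificate block; re.S lets "." span the base64 lines.
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

# Constructed placeholder standing in for the internal CA's root certificate:
# the issuer of my.idp.com's certificate, not the leaf the server presents
# (unless the server certificate is self-signed, in which case they coincide).
INTERNAL_ROOT_PEM = """-----BEGIN CERTIFICATE-----
MIIBplaceholderplaceholderplaceholderplaceholderplaceholder
-----END CERTIFICATE-----
"""


def pem_certificates(text: str) -> List[str]:
    """Return every PEM certificate block found in `text`, in order."""
    return PEM_BLOCK.findall(text)


def build_ca_bundle(internal_root_pem: str, out_path: str,
                    system_bundle: Optional[str] = None) -> int:
    """Write one bundle holding the system CAs (when Python reports a PEM
    cafile for its default verify paths) plus the internal root, so public
    IdPs keep verifying. Returns the number of certificates written."""
    if system_bundle is None:
        system_bundle = ssl.get_default_verify_paths().cafile
    certs: List[str] = []
    if system_bundle and os.path.isfile(system_bundle):
        with open(system_bundle, encoding="utf-8") as fh:
            certs.extend(pem_certificates(fh.read()))
    roots = pem_certificates(internal_root_pem)
    if not roots:
        raise ValueError("no PEM certificate found in internal root material")
    certs.extend(roots)
    with open(out_path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(certs) + "\n")
    return len(certs)


def configure_tls_trust(bundle_path: str) -> str:
    """Point requests at the bundle. requests reads REQUESTS_CA_BUNDLE when a
    request is made, so setting it in settings.py before the first MDQ fetch
    is enough; verify=False is never needed."""
    os.environ["REQUESTS_CA_BUNDLE"] = bundle_path
    return os.environ["REQUESTS_CA_BUNDLE"]


def saml_metadata_config(base_dir: str, mdq_url: str, signing_cert: str) -> dict:
    """The mdq `cert` is the certificate that signs the XML metadata; TLS trust
    is handled by configure_tls_trust and does not belong in this option."""
    return {"mdq": [{"url": mdq_url, "cert": os.path.join(base_dir, signing_cert)}]}


if __name__ == "__main__":
    import tempfile
    bundle = os.path.join(tempfile.mkdtemp(), "ca-bundle.pem")
    count = build_ca_bundle(INTERNAL_ROOT_PEM, bundle)
    configure_tls_trust(bundle)
    print(f"{count} certificate(s) written to {bundle}")
    print(saml_metadata_config("/srv/app", "https://my.idp.com/api/saml/metadata",
                               "my.idp.com-metadata-signing.cert"))
```

If the system trust store is a directory of hashed certificates rather than a single PEM file, `ssl.get_default_verify_paths().capath` is set instead of `cafile` and the helper writes only the internal root; in that case pass an explicit `system_bundle` path. The bundle approach keeps certificate validation on, which is what the `verify_ssl_cert: False` attempt in the issue would have thrown away.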