#SSL_CERTIFICATE_VERIFY_FAILED

Question

#SSL_CERTIFICATE_VERIFY_FAILED

Closed this issue 3 years ago · 7 comments

Hi, there is any possibility to get trough this error?

_[CRITICAL] HTTPSConnectionPool(host='XX.XX.XX.XX', port=443): Max retries exceeded with url: /api/v1/capacity/usage (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (ssl.c:1056)')))

I've tried so many workaroud but with no success.

Could be Related to NSX-T destionatio the use only selfsigned Cert?

Answer 1 · 2021-07-05T09:32:17.000Z

Hi @CerealKller ,
yes, this seems to be related to selfsigned certs.
Without changing anything to the plugin, you would have to add the CA which signed the certificate to the system certificate store of the machine executing the checks.

Answer 2 · 2021-07-05T13:30:27.000Z

Hi @RincewindsHat

Thank you for your hint! I've downloaded the full chain from NSX-T page and stored in CA store of Python.
Work like a charm now.

Thanks,

Answer 3 · 2021-07-05T13:46:56.000Z

I will leave this issue open as a note to one time implement something like --insecure or --ca-path|--certificate-path

Answer 4 · 2021-07-05T14:02:02.000Z

that would be a nice features for multiple instances.

Answer 5 · 2021-09-06T13:56:25.000Z

$ diff check_vmware_nsxt.py check_vmware_nsxt2.py

41a42,43
> import urllib3
> urllib3.disable_warnings()

117c119
<             response = requests.request(method, request_url, auth=HTTPBasicAuth(self.username, self.password))
---
>             response = requests.request(method, request_url, auth=HTTPBasicAuth(self.username, self.password), verify=False)

Answer 6 · 2021-09-06T17:40:50.000Z

@uvu9Ba Thanks for the reminder, could you test #3 for me? I don't have the environment at hand.

Answer 7 · 2021-09-07T19:45:56.000Z

Closing this with #3