abhishek-ram/django-pyas2

Error stating self signed certificate in certificate chain for valid certs

Arun-V-S opened this issue · 3 comments

We tried setting up PYAS2 on two different hosts. We used valid Venafi-generated certificates for both hosts and configured the private key and public certificate for the respective hosts, as mentioned in the documentation.

It gives me the error below, stating 'self signed certificate in certificate chain'. Can you please let me know why it gives this error even though we used Venafi-generated certs? Please find the detailed trace below.

Failed to send message, error:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 710, in urlopen
chunked=chunked,
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 386, in _make_request
self.validate_conn(conn)
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1040, in validate_conn
conn.connect()
File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 424, in connect
tls_in_tls=tls_in_tls,
File "/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
sock, context, tls_in_tls, server_hostname=server_hostname
File "/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/lib/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 450, in send
timeout=timeout
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 786, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/usr/lib/python3.7/site-packages/urllib3/util/retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='HOST_DNS_HERE', port=443): Max retries exceeded with url: /pyas2/as2receive/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/pyas2/models.py", line 478, in send_message
verify=self.partner.https_verify_ssl,
File "/usr/lib/python3.7/site-packages/requests/api.py", line 117, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python3.7/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 529, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 645, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='HOST_DNS_HERE', port=443): Max retries exceeded with url: /pyas2/as2receive/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))

The issue is not with the AS2 certificates but instead with the certificates configured on the HTTP server.

We resolved this issue by adding the certificate chain to the trusted CA. Thanks.
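
Added example (not part of the thread or of django-pyas2): the error in the traceback, `unable to get local issuer certificate`, reproduced offline with `openssl verify` against a constructed three-level PKI, then cleared in two ways: the server presenting its intermediate, or the client's trusted CA file containing the chain, as in the last comment. All certificate subjects and file names are made up for the demo; it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI (all names are made up):
#   Demo Root CA -> Demo Issuing CA -> as2.example.test
set -u
PKI=$(mktemp -d) && trap 'rm -rf "$PKI"' EXIT
printf '[req]\ndistinguished_name=req\n' > "$PKI/req.cnf"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$PKI/ca.ext"

csr() {   # csr NAME SUBJECT -> NAME.key and NAME.csr
  openssl req -new -newkey rsa:2048 -nodes -config "$PKI/req.cnf" -subj "$2" \
    -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
}
sign() {  # sign NAME ISSUER [extra x509 options] -> NAME.pem issued by ISSUER
  name=$1; issuer=$2; shift 2
  openssl x509 -req -in "$PKI/$name.csr" -CA "$PKI/$issuer.pem" \
    -CAkey "$PKI/$issuer.key" -CAcreateserial -days 2 \
    -out "$PKI/$name.pem" "$@" 2>/dev/null
}
build_pki() {
  csr root "/CN=Demo Root CA" &&
  openssl x509 -req -in "$PKI/root.csr" -signkey "$PKI/root.key" -days 2 \
    -extfile "$PKI/ca.ext" -out "$PKI/root.pem" 2>/dev/null &&
  csr int "/CN=Demo Issuing CA" && sign int root -extfile "$PKI/ca.ext" &&
  csr leaf "/CN=as2.example.test" && sign leaf int &&
  cat "$PKI/root.pem" "$PKI/int.pem" > "$PKI/bundle.pem"
}
# verify_leaf TRUSTED [SENT_BY_SERVER]: TRUSTED is the client's CA file,
# SENT_BY_SERVER holds any intermediates the server presents with its leaf.
verify_leaf() {
  openssl verify -CAfile "$PKI/$1" ${2:+-untrusted "$PKI/$2"} "$PKI/leaf.pem" 2>&1
}

build_pki || { echo "could not build demo PKI (is openssl installed?)" >&2; exit 1; }
echo "1. client trusts root, server sends leaf only:"
verify_leaf root.pem || true      # fails: unable to get local issuer certificate
echo "2. client trusts root, server sends leaf + intermediate:"
verify_leaf root.pem int.pem      # OK
echo "3. client trusts root + intermediate (chain added to the CA file), leaf only:"
verify_leaf bundle.pem            # OK
```

Case 2 is the server-side fix (serve the full chain from the HTTP server); case 3 is the client-side fix, which also keeps certificate verification enabled.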