SSL failed: certificate has expired
Opened this issue · 4 comments
[20:42:01] [CRITICAL] Internal error: HTTPSConnectionPool(host='cfm.etisalat.ae', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1007)')))
Traceback (most recent call last):
File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 597, in urlopen
httplib_response = self._make_request(conn, method, url,
File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 839, in validate_conn
conn.connect()
File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/connection.py", line 337, in connect
self.sock = ssl_wrap_socket(
File "/home/fixer/.local/lib/python3.10/site-packages/urllib3/util/ssl.py", line 345, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.10/ssl.py", line 1071, in _create
self.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
how can I get around this? type -from -do not check certificate
I'm actively coming up against this same thing on a web server using a self-signed certificate. I don't know if there is actively a flag you can set to do this, however, my attack plan is to change all of the requests calls to use the parameter verify=False which should bypass the self-signed cert failure. Hope this helps!
I'm actively coming up against this same thing on a web server using a self-signed certificate. I don't know if there is actively a flag you can set to do this, however, my attack plan is to change all of the
requestscalls to use the parameterverify=Falsewhich should bypass the self-signed cert failure. Hope this helps!
Did you end up doing this? Was going to try this, but I foresee it being a bit of a pain in the ass...
I'm actively coming up against this same thing on a web server using a self-signed certificate. I don't know if there is actively a flag you can set to do this, however, my attack plan is to change all of the
requestscalls to use the parameterverify=Falsewhich should bypass the self-signed cert failure. Hope this helps!Did you end up doing this? Was going to try this, but I foresee it being a bit of a pain in the ass...
I did and while yes a pain in the butt, I was able to get through all the changes in about 30 minutes with Ctrl + F. It does work after doing this though so worth it I suppose.
I'm actively coming up against this same thing on a web server using a self-signed certificate. I don't know if there is actively a flag you can set to do this, however, my attack plan is to change all of the
requestscalls to use the parameterverify=Falsewhich should bypass the self-signed cert failure. Hope this helps!Did you end up doing this? Was going to try this, but I foresee it being a bit of a pain in the ass...
I did and while yes a pain in the butt, I was able to get through all the changes in about 30 minutes with Ctrl + F. It does work after doing this though so worth it I suppose.
Did you only have to change all the .get() and .post() request session object methods or were there others that one might not expect? Times like these I wish I was a sed/awk master, or that I could get certifi do do something like this.
Spent way to much time trying to set up and nginx rev-proxy to trick pwnPSS int trustingly test lab cert, but I think the concept was wrong-headed from the start.