最近執行python叫用API時發生憑證問題,
執行 request.get(...) 時發生錯誤.
兩個解法,
1. Disable SSL verify驗證.
2. 把目標server 的 cert加入python執行環境的信任憑證清單中.
1. Disable SSL verify驗證.
>>> requests.get('https://kennethreitz.org', verify=False)
<Response [200]>
或者程式碼中直接指給他
>>> requests.get('https://kennethreitz.org', cert=('/path/client.cert', '/path/client.key'))
<Response [200]>
可以參考這邊
http://docs.python-requests.org/en/master/user/advanced/
(中文版: http://docs.python-requests.org/zh_CN/latest/user/advanced.html)
2. 把目標server 的 cert加入python執行環境的信任憑證清單中.
怎麼簽cert自己去找參考文章囉.
這個可以參考下
https://www.digicert.com/ssl-support/pem-ssl-creation.htm
在自己的機器中用pip 安裝 certifi套件.
# pip install certifi --no-verify --proxy=http://proxy-server.com:80
pyton → >> import certifi → >> certifi.where() → usually python certifi cacert.pem located /usr/lib/python2.7/site-packages/certifi/cacert.pem
[root@localhost tmp]# python3
Python 3.5.2 (default, Jun 19 2018, 15:12:38)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-18)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import certifi
>>> certifi.where()
'/usr/local/lib/python3.5/site-packages/certifi/cacert.pem'
>>> exit()
[root@localhost tmp]# cat ~/cert.pem >> /usr/local/lib/python3.5/site-packages/certifi/cacert.pem
(please specify your own .pem file location)
在執行 request.get(...) , request.post(...) 就會信任該server的憑證了.