· Python  · 2 min read

python requests: How to ignore invalid SSL certificates

How to make an SSL web request with the python requests library and ignore invalid SSL certificates. Typically you would want the remote host to have a valid SSL certificate when making an https...

This post was originally published on jcutrer.com (WordPress) and has been migrated to the archive.

How to make an SSL web request with the python requests library and ignore invalid SSL certificates. Typically you would want the remote host to have a valid SSL certificate when making an https request but there are also some valid use cases where you need to ignore server SSL certs. One good example is when communicating with network devices such as local network equipment such as routers, access-points, wireless bridge radios, and IoT devices.

(#solution)

Here is the error and traceback you received when your python code attempts to make an https request to a host that have an invalid or expired SSL certificate.

Error

certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

Traceback

During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "...\filepath\script.py", line 23, in
response = requests.request("POST", base_url + uris['login'], headers=headers, data = payload )
File "...\venv\lib\site-packages\requests\api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "...\venv\lib\site-packages\requests\sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "...\venv\lib\site-packages\requests\sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "...\venv\lib\site-packages\requests\adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.1.1', port=443): \
Max retries exceeded with url: /login.cgi (Caused by SSLError(SSLCertVerificationError( \
    1, 
    ' certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)'
)))

Solution

You need to Add verify=False to the call to requests.get() or request.post(). Here is an example

// GET Request
response = requests.get(
    "https://192.168.1.1/", 
    headers=headers, 
    verify=False  # 

### Catching the Exception

Here is an example when you expect a valid SSL and want to gracefully catch the exception without halting executing.

TODO add try catch example

try: response = session.get(url,allow_redirects=False,verify=True) except requests.exceptions.SSLError: pass


### Suppress InsecureRequestWarning

After adding verify=False you may notice that you will now get warnings from urllib3 output to the console when running your script. 

> 

InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.1.1'. Adding
certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings…\venv\lib\site-packages\urllib3\connectionpool.py:986

You can suppress these warning by adding the following code snippet.   This code should execute before any https calls.

import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


### References

- (https://2.python-requests.org/en/master/api/#main-interface)(https://2.python-requests.org/en/master/api/#main-interface)(https://2.python-requests.org/en/master/api/#main-interface)
Share:

Comments are disabled (Giscus not yet configured).

Back to archive