How to request on a server using digital certificate for Python/Django authentication

Asked

Viewed 1,185 times

0

I am trying to use the api of a system that is available in a web link, however the server of the api requires as authentication a certificate of type pem, I already possess this certificate, however I cannot bring the request data because it returns an error and I have no idea how to solve it.

My job at the View

def IndexView(request):
   response = requests.get('https://server.com.br:4747/engine/healthcheck/', verify=True, cert=['C:/ProgramData/Qlik/Sense/Repository/Exported Certificates/client.pem', 
   'C:/ProgramData/Qlik/Sense/Repository/Exported Certificates/client_key.pem',
   'C:/ProgramData/Qlik/Sense/Repository/Exported Certificates/root.pem'])

   teste = response.json()
   return render(request, 'index.html', {
    'teste': teste,
    })

Error

HTTPSConnectionPool(host='server.com.br', port=4747): Max retries exceeded with url: /engine/healthcheck/ (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
python django

1 answer

1

@Gabriel Santos, I see you’ve mixed some different concepts in your code: 1) When adding verify = True, you’re telling for the lib requests use the SSL certificate for the request, but in that case it will use the standard certificate installed on your machine. 2) When adding the parameter cert, it must receive the customer side Certificates, which accepts 1 file containing the private key and the certificate, or a tuple with the separate files.

To resolve your issue, simply add the path to your SSL certificate on verify, but only 1 file, not the 3, as you added, since it is only possible to use a certificate by request.

So in case the first file you added in cert be your SSL, just write:

requests.get('https://server.com.br:4747/engine/healthcheck/', 
              verify='C:/ProgramData/Qlik/Sense/Repository/Exported Certificates/client.pem')

See if it works, and otherwise I need to understand why you added 3 files .pem different, and if possible, show the documentation you are using, to understand if there is any concept related to client side Certificates who got lost on the way.

  • Good afternoon Luan, thank you very much for the help and the layout, I made the changes you asked me, I still have the same error, follows below the API documentation, is very short and has an example in JS, I think it will be easier for you to understand. https://help.qlik.com/en-US/sense-developer/November2018/Subsystems/EngineAPI/Content/Sense_EngineAPI/GettingStarted/connecting-to-engine-api.htm

  • @Gabrielsantos, the problem here is not your code. From the link you sent me, this is a connection via websocket, and therefore will not be possible using purely requests. Through Websocket, your computer needs to run as a server to receive events continuously. The idea is to open the connection and then, with it open, send and receive information. You can take a look at libs like this one from Google (https://github.com/google/pywebsocket) or some more current, with full python 3 support (https://pypi.org//projectwebsocket_client/)

Browser other questions tagged python django

You are not signed in. Login or sign up in order to post.