我想使用从server生成的证书从我的客户端向服务器进行身份验证。我有一个server-ca.crt,下面是正在运行的CURL命令。如何使用python请求模块发送类似的请求。 / p>
$ curl -X GET -u sat_username:sat_password \
-H "Accept:application/json" --cacert katello-server-ca.crt \
https://satellite6.example.com/katello/api/organizations
我尝试了以下方式,但是有一些例外,有人可以帮助解决这个问题。
python requestsCert.py
Traceback (most recent call last):
File "requestsCert.py", line 2, in <module>
res=requests.get('https://satellite6.example.com/katello/api/organizations', cert='/certificateTests/katello-server-ca.crt', verify=True)
File "/usr/lib/python2.7/site-packages/requests/api.py", line 68, in get
return request('get', url, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/api.py", line 50, in request
response = session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 464, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 431, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL] PEM lib (_ssl.c:2554)
答案 0 :(得分:2)
res=requests.get('https://...', cert='/certificateTests/katello-server-ca.crt', verify=True)
cert中的requests.get参数用于指定应用于相互身份验证的客户端证书和密钥。它不用于指定受信任的CA作为curl中的--cacert参数。相反,您应该使用verify参数:
res=requests.get('https://...', verify='/certificateTests/katello-server-ca.crt')
有关详细信息,请参阅requests文档中的SSL Cert Verification和Client Side Certificates。