在https://myhost.example.com,我有一个自己的网站,上面有我自己的CA签名的证书。
我正在使用macOS,并将自定义CA证书添加到了macOS钥匙串中。它可以通过以下最少的代码在Apple提供的Python中正常运行:
import requests
r = requests.get('https://myhost.example.com')
现在,我想在Miniconda环境(基础程序)中执行相同的程序:
我通过以下方式将我的CA证书添加到了~/miniconda2/ssl/cacert.pem:
# cat myownca.pem >> ~/miniconda2/ssl/cacert.pem
证书以以下内容开头,因此我认为它是正确的PEM格式:
-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBA...
我检查了:
# python -c "import ssl; print(ssl.get_default_verify_paths())"
DefaultVerifyPaths(cafile='/Users/asylumine/miniconda2/ssl/cert.pem', capath='/Users/asylumine/miniconda2/ssl/certs', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/Users/asylumine/miniconda2/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/Users/asylumine/miniconda2/ssl/certs')
但是Python程序失败:
Traceback (most recent call last):
File "testinpy.py", line 2, in <module>
r = requests.get('https://myhost.example.com')
File "/Users/asylumine/miniconda2/lib/python2.7/site-packages/requests/api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "/Users/asylumine/miniconda2/lib/python2.7/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/Users/asylumine/miniconda2/lib/python2.7/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/Users/asylumine/miniconda2/lib/python2.7/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/Users/asylumine/miniconda2/lib/python2.7/site-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='myhost.example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
我想念什么?