If you are trying to make a https connection using httplib2.Http to a server which uses self-signed certificate, you might face "httplib2.SSLHandshakeError: [Errno 1] _ssl.c:480: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed".
There are 2 solutions:
1. httplib2.Http(disable_ssl_certificate_validation=True).request('https://www.godaddy.com/')
2. httplib2 uses its own certificate store. Usually, the location would be /usr/local/lib/python2.7/dist-packages/httplib2/httplib2/cacerts.txt.
Edit this file to add the certificate of your server and you should be good to go.
Steps to download site certificates (eg. certificates from DigiCert):
There are 2 solutions:
1. httplib2.Http(disable_ssl_certificate_validation=True).request('https://www.godaddy.com/')
2. httplib2 uses its own certificate store. Usually, the location would be /usr/local/lib/python2.7/dist-packages/httplib2/httplib2/cacerts.txt.
Edit this file to add the certificate of your server and you should be good to go.
Steps to download site certificates (eg. certificates from DigiCert):
- Open the site
- Click on the lock icon in the address bar.
- Chrome:
- Go to "Connection" tab
- Click on "Certificate Information"
- Firefox:
- Click "More Information"
- Go to "Security" tab
- Click "View certificate"
- Go to "Details" tab
- Make a note of the first node of certificate (eg "DigiCert High Assurance EV Root CA")
- Go to DigiCert certificates page (https://www.digicert.com/digicert-root-certificates.htm).
- Search for the certificate with the name you found above and download it.
- Convert the .crt file to .pem "openssl x509 -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem -outform PEM"
- If above steps returns error, refer to http://info.ssl.com/article.aspx?id=12149. For this certificate you need to pass "-inform der"
- Open the DigiCertHighAssuranceEVRootCA.pem, copy the contents and paste in cacerts.txt