3

Using curl I can connect to a server that needs a specific certificate.

curl -E ./file.crt.pem --key ./file.key.pem -k https://server.url

curl version: 7.29.0

But when using Python's requests library, I get an error:

import requests
cert_file_path = "file.crt.pem"
key_file_path = "file.key.pem"
cert = (cert_file_path, key_file_path)
url = 'https://server.url'
r = requests.post(url, cert=cert, verify=False)

Error:

SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_read_bytes', 'tlsv1 alert unknown ca')])"))

Python version: v3.7

What am I missing?

2
  • Most likely because Python does not use the system's trusted cert store. Try this question: stackoverflow.com/questions/42982143/…
    Commented Mar 28, 2020 at 10:46
  • @RobertKearns I tried the solutions there, but none worked. I tried in golang as well, it gives handshake failure. I ended up writing a library for curl bindings...
    – Ali Padida
    Commented Mar 29, 2020 at 0:51

2 Answers

2

A comment on this answer helped me figure this out.

Update your code as such:

import requests
cert_file_path = "file.crt.pem"
key_file_path = "file.key.pem"
cert = (cert_file_path, key_file_path)
url = 'https://server.url'
r = requests.post(url, cert=cert, verify="path/to/ca_public_keys.pem") # replace with your file

I'm assuming you're using a self-signed certificate, so you need to specify the .pem file containing the public certificates of the CA that issued your self-signed certificate. Make sure to include the intermediate certificates, otherwise the requests library will throw the tlsv1 alert unknown ca error.

You can check the issuer of your client certificate by typing openssl x509 -noout -in file.crt.pem -issuer in a terminal.
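The check described above, as an added example that is not part of the original answer: it builds a throwaway root, intermediate and client certificate with openssl, prints the client certificate's issuer, and shows that openssl verify only builds a chain when the bundle holds the intermediate as well as the root. The subject names, the demo.cnf file and the helper function names are constructed for the demonstration; file.crt.pem, file.key.pem and ca_public_keys.pem reuse the names from the post.

```bash
#!/usr/bin/env bash
# Added example: every name, subject and path below is constructed for the demo.
set -eu

# Build a throwaway root -> intermediate -> client chain inside directory $1.
make_chain() {
  d=$1
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
  openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -days 1 -extfile "$d/demo.cnf" -extensions v3_ca -out "$d/int.pem" 2>/dev/null
  openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=demo-client" -keyout "$d/file.key.pem" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -days 1 -out "$d/file.crt.pem" 2>/dev/null
}

# Print the issuer of a certificate (the command quoted in the answer).
issuer_of() {
  openssl x509 -noout -in "$1" -issuer
}

# chain_ok <bundle.pem> <cert.pem>: succeeds only if the bundle alone lets
# OpenSSL build a complete chain from the certificate up to a self-signed root.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_chain "$demo"
# A complete bundle is the intermediate(s) followed by the root.
cat "$demo/int.pem" "$demo/root.pem" > "$demo/ca_public_keys.pem"

issuer_of "$demo/file.crt.pem"
chain_ok "$demo/root.pem" "$demo/file.crt.pem" \
  && echo "root only: chain OK" || echo "root only: chain incomplete"
chain_ok "$demo/ca_public_keys.pem" "$demo/file.crt.pem" \
  && echo "root + intermediate: chain OK" || echo "root + intermediate: chain incomplete"
rm -rf "$demo"
```

To check real files, call chain_ok with your own bundle and certificate; the same function works for a server certificate saved to a PEM file.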

2

The requests module checks the environment variable REQUESTS_CA_BUNDLE for the cert file. So just do this:

export REQUESTS_CA_BUNDLE=/absolute/path/to/your/file.crt.pem

Your Python code will simply be:

import requests

url = 'https://server.url'
r = requests.post(url)
print(r.text)
