解决方案:SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to
通过python代码爬取数据时出现了这个错误。python代码如下:
from requests import getimport requestsurl = "https://xx.xx.xx:8888/states"headers = {"Authorization": "Bearer token","content-type": "application/json",}response = get(url, headers=headers)print(response.text)
报出了如上的错误。在网上搜索了很多资料,大部分建议将ssl证书验证关闭即
response = get(url, headers=headers, verify=False)
但是这样面临着被攻击的风险。在查阅了相关资料后,发现https走的是非对称加密,客户端(执行python的机器)必须要手握公钥才能和服务器加密通信。ubuntu系统(本人开发环境)的公钥放在/etc/ssl/certs/ca-certificates.crt中,这个文件中存储了大部分的公钥,访问一般的网站不会出现问题,如百度:
ubuntu:~/Desktop$ curl -v * Trying 14.215.177.38:443...* TCP_NODELAY set* Connected to (14.215.177.38) port 443 (#0)* ALPN, offering h2* ALPN, offering http/1.1* successfully set certificate verify locations:* CAfile: /etc/ssl/certs/ca-certificates.crtCApath: /etc/ssl/certs* TLSv1.3 (OUT), TLS handshake, Client hello (1):* TLSv1.3 (IN), TLS handshake, Server hello (2):* TLSv1.2 (IN), TLS handshake, Certificate (11):* TLSv1.2 (IN), TLS handshake, Server key exchange (12):* TLSv1.2 (IN), TLS handshake, Server finished (14):* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):* TLSv1.2 (OUT), TLS handshake, Finished (20):* TLSv1.2 (IN), TLS handshake, Finished (20):* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
而本次要访问的网站是自己搭建的,需要将公钥拷贝到/etc/ssl/certs/ca-certificates.crt。本人使用的是万网的免费域名证书,只要将chain.crt以及public.crt中的公钥拷贝到/etc/ssl/certs/ca-certificates.crt即可正常访问网站。
大家觉得有所帮忙请点个赞:)