Posted to users@airflow.apache.org by Dhiddi Sunil <su...@optum.com> on 2021/08/18 15:32:34 UTC

RE: SSLCertVerificationError while invoking API from AIRFLOW

Hi Team,

Can someone please advise,

we are facing an issue "SSLCertVerificationError" when we are running load balancer by invoking web api using request.get method from airflow.

Here is the example
requests.get("https://odisstgbk.abc.com/....", verify=False)

Error Message :
HTTPSConnectionPool(host='odisstgbk.abc.com', port=443): Max retries exceeded with url: /odis/sendEmail?processId=af894c13-77b5-4d9b-98bf-24833f16a8e8&status=FAILED&mails=venkatesh_gurram%40optum.com (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)'))).
Though we are adding verify=False parameter we are getting same issue.

Please help us to resolve this issue ASAP.

The certificate applied to odisstgbk.abc.com is an abcCA signed certificate that is valid until 7/29/2022.
Please ensure you have the abcCA root certificates in your trust store (contact Certificate Services team if you need them).
If you need the certificate changed from abc CA to Comodo CA, the VIP owner will need to submit a request through the API system (as the VIP is in OSFI) to change the certificate type.




I found the below 2 in the cfg file, what exactly do I need to fill in for these two in the cfg file?


# Paths to the SSL certificate and key for the web server. When both are
# provided SSL will be enabled. This does not change the web server port.
web_server_ssl_cert =
# Paths to the SSL certificate and key for the web server. When both are
# provided SSL will be enabled. This does not change the web server port.
web_server_ssl_key =

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.

Re: SSLCertVerificationError while invoking API from AIRFLOW

Posted by Jarek Potiuk <ja...@potiuk.com>.
I have no idea - it's your server; it's not Airflow's store, it's the store
of the machine you are running it on. Just follow the link and maybe look
for other sources. Sorry, I am not able to help you manage your own
machine :). I think you should learn how to do it anyway.

J.

On Thu, Aug 19, 2021 at 10:10 AM Dhiddi Sunil <su...@optum.com>
wrote:

> Thank you Potiuk,
>
> However application team provided some location/links to download the
> certificates and saying that to install on your applications trust store?
> (Please download the certificate and install on your application’s trust
> store.)
>
> Example https://... , when I click on those links it's asking to install
> on local machine,
>
> I am confused how to install those on airflow webserver.

-- 
+48 660 796 129

RE: SSLCertVerificationError while invoking API from AIRFLOW

Posted by Dhiddi Sunil <su...@optum.com>.
Thank you Potiuk,

However application team provided some location/links to download the certificates and saying that to install on your applications trust store? (Please download the certificate and install on your application’s trust store.)

Example https://... , when I click on those links it's asking to install on local machine,

I am confused how to install those on airflow webserver.

From: Jarek Potiuk <ja...@potiuk.com>
Sent: Wednesday, August 18, 2021 9:22 PM
To: users@airflow.apache.org
Cc: dev@airflow.apache.org
Subject: Re: SSLCertVerificationError while invoking API from AIRFLOW

This has nothing to do with Airflow. It's about which certificates are used by the `requests` library.

You need to configure your system that airflow is installed at to include the right certificates. Just googled it and seems that this thread has many ideas you can try: https://stackoverflow.com/questions/10667960/python-requests-throwing-sslerror
It also includes the command you can run on your system without involving airflow, so you can test and iterate quickly on it.

Good luck :)

J.


Re: SSLCertVerificationError while invoking API from AIRFLOW

Posted by Jarek Potiuk <ja...@potiuk.com>.
This has nothing to do with Airflow. It's about which certificates are used
by the `requests` library.

You need to configure your system that airflow is installed at to include
the right certificates. Just googled it and seems that this thread has many
ideas you can try:
https://stackoverflow.com/questions/10667960/python-requests-throwing-sslerror

It also includes the command you can run on your system without involving
airflow, so you can test and iterate quickly on it.

Good luck :)

J.

-- 
+48 660 796 129
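
Added example (not part of the original thread, and not code from Airflow or `requests`): a small triage helper that reads the kind of error string quoted above, names the likely client-side cause, and reports which CA bundle a `requests` call would consult. The names `diagnose`, `ca_bundle_source`, `CAUSES` and `SAMPLE` are hypothetical, and the sample message is shortened from the one in the thread.

```python
import os
import re

# Shortened from the error quoted in the thread (query string dropped).
SAMPLE = (
    "HTTPSConnectionPool(host='odisstgbk.abc.com', port=443): Max retries "
    "exceeded with url: /odis/sendEmail (Caused by SSLError("
    "SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate "
    "verify failed: self signed certificate in certificate chain (_ssl.c:1076)')))"
)

# OpenSSL verify reasons and their usual client-side cause; order matters.
# OpenSSL 3.x spells "self-signed" with a hyphen, 1.x without.
CAUSES = [
    (r"self[- ]signed certificate in certificate chain",
     "chain ends in a root CA that is missing from the client trust store"),
    (r"unable to get local issuer certificate",
     "issuing CA (intermediate or root) not found in the client trust store"),
    (r"self[- ]signed certificate", "server sent a self-signed leaf certificate"),
    (r"certificate has expired", "a certificate in the chain has expired"),
    (r"hostname mismatch", "certificate does not cover the requested host name"),
]
ERR_RE = re.compile(
    r"host='(?P<host>[^']+)', port=(?P<port>\d+).*?CERTIFICATE_VERIFY_FAILED\] "
    r"certificate verify failed: (?P<reason>[^(]+?)\s*\(", re.S)

def diagnose(message):
    """Pull host, port and failure cause out of a requests SSLError string."""
    m = ERR_RE.search(message)
    if m is None:
        return None
    reason = m.group("reason")
    cause = next((c for p, c in CAUSES if re.search(p, reason, re.I)), "unknown")
    return {"host": m.group("host"), "port": int(m.group("port")),
            "reason": reason, "cause": cause}

def ca_bundle_source(verify=True, env=os.environ):
    """Trust anchors a requests call uses: an explicit path wins, then
    REQUESTS_CA_BUNDLE, then CURL_CA_BUNDLE, then the bundled certifi file."""
    if verify is False:
        return "none (verification disabled)"
    if isinstance(verify, str):
        return verify
    return (env.get("REQUESTS_CA_BUNDLE") or env.get("CURL_CA_BUNDLE")
            or "certifi default bundle")

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    print(ca_bundle_source())
```

The `web_server_ssl_cert` and `web_server_ssl_key` settings quoted in the thread configure TLS for Airflow's own web server; they do not change which CAs an outbound `requests` call trusts.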
