Thank you Potiuk,
However application team provided some location/links to download the certificates and saying that to install on your applications trust store? (Please download the certificate and install on your application’s trust store. ) Example https://... , when I click on those links its asking to install on local machine, I am confused how to install those on airflow webserver. From: Jarek Potiuk <[email protected]> Sent: Wednesday, August 18, 2021 9:22 PM To: [email protected] Cc: [email protected] Subject: Re: SSLCertVerificationError while invoking API from AIRFLOW This has nothing to do with Airflow. It's about which certificates are used by the `requests` library. You need to configure your system that airflow is installed at to include the right certificates. Just googled it and seems that this thread has many ideas you can try: https://stackoverflow.com/questions/10667960/python-requests-throwing-sslerror It also includes the command you can run on your system without involving airflow, so you can test and iterate quickly on it. Good luck :) J. On Wed, Aug 18, 2021 at 5:32 PM Dhiddi Sunil <[email protected]<mailto:[email protected]>> wrote: Hi Team, Can someone please advice, we are facing an issue "SSLCertVerificationError" when we are running load balancer by invoking web api using request.get method from airflow. Here is the example requests.get(https://odisstgbk.abc.com/....,verify=False) Error Message : HTTPSConnectionPool(host='odisstgbk.abc.com<http://odisstgbk.abc.com>', port=443): Max retries exceeded with url: /odis/sendEmail?processId=af894c13-77b5-4d9b-98bf-24833f16a8e8&status=FAILED&mails=venkatesh_gurram%40optum.com<http://40optum.com> (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)'))). Though we are adding verify=False parameter we are getting same issue. Please help us to resolve this issue ASAP. The certificate applied to odisstgbk.abc.com<http://odisstgbk.abc.com> is an abcCA signed certificate that is valid until 7/29/2022. Please ensure you have the abcCA root certificates in your trust store (contact Certificate Services team if you need them). If you need the certificate changed from abc CA to Comodo CA, the VIP owner will need to submit a request through the API system (as the VIP is in OSFI) to change the certificate type. I found below 2 n cfg file, what exactly I need to fill for below two in cfg file ? # Paths to the SSL certificate and key for the web server. When both are # provided SSL will be enabled. This does not change the web server port. web_server_ssl_cert = # Paths to the SSL certificate and key for the web server. When both are # provided SSL will be enabled. This does not change the web server port. web_server_ssl_key = This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. -- +48 660 796 129 This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.
