Python requests throws SSLCertVerificationError with Let's Encrypt certificates - python-requests

While executing the following code in Python 3.8
import requests
requests.get("https://e-sat.de/")
I get this error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='e-sat.de',
port=443): Max retries exceeded with url: / (Caused by
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate
(_ssl.c:1131)')))
However, if I access the website with my browser, everything seems to be fine with the certificate.
I am now wondering why this happens.
I already tried to use the CABundle from https://certifiio.readthedocs.io/en/latest/.
import requests
requests.get("https://e-sat.de/", verify="path/to/certs.pem")
The same happens for several websites. All of them have Let's Encrypt certificates. Is this related to that?
I am not able to include every single certificate of a website manually as they dynamically change.

Related

"The certificate chain was issued by an authority that is not trusted" - Error when using RVest

I am trying to scrape a website with the html_session() function of the rvest package. When I try to access the website (a local proxy authentication website), I get this error:
Error in curl::curl_fetch_memory(url, handle = handle) :
schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
It is OK that such an error message arises, as there are certificate issues when accessing the website with a standard browser such as Chrome or Firefox. Nevertheless, how can I override this situation and continue browsing with rvest?
(maybe something related to this may help: "The certificate chain was issued by an authority that is not trusted" when connecting DB in VM Role from Azure website).
Thanks!

Porting from http to https in IIS

I have a problem while porting my site from http to https, especially when I invoke any WS.
These are the steps I've followed:
Import certificate in IIS
Change security mode from "Message" to "TransportWithMessageCredential"
I got this error:
SecurityNegotiationException: The server certificate with name XXXXX failed identity verification
because its thumbprint ('XXXXXXX') does not match the one specified in the endpoint identity ('YYYYYY').
As a result, the current HTTPS request has failed.
Please update the endpoint identity used on the client or the certificate used by the server.
What's the problem?
Could it be a problem with the connection cache?
How can I prevent it?

Jmeter test fails for requests with firebase storage as back-end during image download

I am running a JMeter performance test for testing an application that uses Firebase storage. I am using Node as the backend and I am connecting to the database using the Firebase admin SDK.
The load test was instantiated for a thread count of 50 and a duration of 1 second.
But some of the requests fail with the following error:
Response code: 200
Response message: Embedded resource download error:https://storage.googleapis.com/****/*****?GoogleAccessId=firebase-adminsdk-*******&Expires=****&Signature=******* code:Non HTTP response code: javax.net.ssl.SSLHandshakeException message:Non HTTP response message: Remote host closed connection during handshake,
Is it because of the restrictions on the number of connections (upper limit) that Firebase has?
My expectation is that you should not be load testing Firebase itself, as it is not something you can efficiently control (unless you're a Google engineer who is load testing Firebase). It might be the case that you're exceeding the Free Quota or that Google blocks suspicious traffic from your IP due to a DoS attack prevention mechanism.
My expectation is that you need to limit your load test to focus on your application domain only, and no requests to Firebase should be made. In order to exclude external domains from the embedded resources scope you can add the following regular expression to the "URLs must match" input of the HTTP Request Defaults:
^((?!storage.googleapis.com).)*$
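The effect of the "URLs must match" pattern above on a few embedded-resource URLs, as an added example that is not part of the original answer. Python's `re` module stands in for JMeter's regex engine here, which is an assumption; the sample URLs, the escaped variant and the host-anchored variant are constructed for illustration.

```python
import re

# Pattern exactly as given in the answer above (dots unescaped, so each "."
# matches any character).
PAGE_PATTERN = r"^((?!storage.googleapis.com).)*$"

# Added variant: dots escaped so only the literal host name is rejected.
ESCAPED_PATTERN = r"^((?!storage\.googleapis\.com).)*$"

# Added variant: reject only when the *host* is storage.googleapis.com,
# not when the name merely appears later in the path or query string.
HOST_ANCHORED_PATTERN = r"^https?://(?!storage\.googleapis\.com(?:[:/]|$)).*$"

# Constructed sample of embedded-resource URLs; hosts and paths are made up.
SAMPLE_URLS = [
    "https://app.example.test/static/logo.png",
    "https://storage.googleapis.com/bucket/img.png?Expires=1&Signature=abc",
    "https://app.example.test/proxy?src=https://storage.googleapis.com/b/i.png",
    "https://storage-googleapis-com.example.test/img.png",
]


def urls_to_download(pattern, urls):
    """Return the URLs that fully match `pattern`, i.e. those kept in scope."""
    compiled = re.compile(pattern)
    return [u for u in urls if compiled.fullmatch(u)]


if __name__ == "__main__":
    for name, pattern in [
        ("page pattern", PAGE_PATTERN),
        ("escaped dots", ESCAPED_PATTERN),
        ("host anchored", HOST_ANCHORED_PATTERN),
    ]:
        print(name)
        for url in urls_to_download(pattern, SAMPLE_URLS):
            print("  keep:", url)
```

The pattern as posted also drops the look-alike host in the last sample URL and any application URL that carries the storage host in its query string, which matters if those requests are part of the application under test.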

Strange request URLs when running ASP.Net Core Application on Amazon Elastic Beanstalk

I have a simple MVC ASP.Net application with a health check. The check is routed using an attribute: [HttpGet("health")]
When running it locally, I browse http://localhost:7000/health and get a successful result back. The logs look like this:
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
[00:00:34.796]: Request starting HTTP/1.1 GET http://localhost:7000/health
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: [00:00:34.796]: Request starting HTTP/1.1 GET http://localhost:7000/health
dbug: Microsoft.AspNetCore.Routing.Tree.TreeRouter[1]
Request successfully matched the route with name '(null)' and template 'health'.
However, once I deploy to Amazon Elastic Beanstalk, none of my normal requests work. If I browse http://(myAppName).us-east-2.elasticbeanstalk.com/ these are the logs I get:
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
[23:56:39.079]: Request starting HTTP/1.1 GET http://172.31.27.29//(myAppName).us-east-2.elasticbeanstalk.com/health
dbug: Microsoft.AspNetCore.Builder.RouterMiddleware[1]
Request did not match any routes.
Note how for some reason the request URL gets an IP address stuck in there. No idea where it's coming from.
Turns out this was a misconfiguration in AWS. I had set the health check URL with an absolute address, which failed. Then when I tried to health check manually, the load balancer didn't let me through because the AWS health check was failing.
I thought the logs were from my manual check, so I assumed that Amazon was adding weird things to my request. But really it was just a misconfigured health check in AWS.

IIS7 HTTP to HTTPS redirect makes asp.net API fail with "document not in recognised format" "Client proxy code is empty!"

We publish an asp.net API on:
http://API.domain.com/v3/service.svc
https://API.domain.com/v3/service.svc
Had a problem last week with a corrupt SSL certificate, which meant connecting to the HTTPS ref failed with an Internet Explorer connection problem. The HTTP ref was fine, and it was confirmed the SSL corruption was the issue.
A customer that should have been using HTTPS never noticed; logs confirmed they are actually using HTTP for authentication and data.
When testing with WCF STORM (a test app I used to test method calls) I could recreate the issue, i.e. HTTP OK and HTTPS fails. Installing a backup certificate resolved the problem instantly, everything back to normal operation.
So I started looking at HTTP to HTTPS redirects. Got it up and running using http://www.iis-aid.com/articles/how_to_guides/redirect_http_to_https_iis_7 (i.e the change to web.config).
When browsing to my API HTTP and HTTPS URLs, everything worked as expected.
When using WCF STORM I get the message:
System.InvalidOperationException: The document at the url http://API.domain.com/v3/service.svc was not recognized as a known document type.
The error message from each known type may help you fix the problem:
- Report from 'DISCO Document' is 'Discovery document at the URL http://API.domain.com/v3/service.svc?disco&disco could not be found.'.
- The document format is not recognized.
- Report from 'http://API.domain.com/v3/service.svc' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.
- Report from 'WSDL Document' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.
- Report from 'XML Schema' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.
at System.Web.Services.Discovery.DiscoveryClientProtocol.DiscoverAny(String url)
at WcfStorm.DynamicProxy.ServiceClientProxyFactory.(Option`1 )
at WcfStorm.DynamicProxy.ServiceClientProxyFactory.DiscoverEndpoint(Option`1 cfgOption)
at WcfStorm.Model.WcfServiceModel.(ServiceClientProxyFactory )
at WcfStorm.Lib.Common.BgWorker`2.OnDoWork(DoWorkEventArgs e)
Client proxy code is empty!
I remember one of the developers telling me that the AUTHENTICATION uses SSL but the SOAP messages are transmitted over HTTP. Therefore I suspect the HTTP to HTTPS redirection has caused this issue, as it's forcing the SOAP messages to use HTTPS and the API has not been configured to do this ... I'm guessing? The developer explained that it's recommended that APIs use HTTP for transmitting the SOAP data after authentication using SSL to confirm credentials.
Questions:
How do we force the SOAP data to be transmitted over HTTPS if this is deemed the solution?
If this is not possible, how do I deploy an HTTP to HTTPS redirect within the environment above?
Any other way to force HTTPS onto end users / disable HTTP and / or redirect to HTTPS?
Thank you for any help.
