Python jira ssl error

Python: 3.8
Jira module: jira-2.0.0-py2.py3-none-any.whl

This is my python script:

from jira.client import JIRA
import getpass
passwd = getpass.getpass('Password: ')
jira = JIRA(options = {'server': 'https://jira.example.com'}, basic_auth=('username', passwd))

And the output is:

WARNING:root:HTTPSConnectionPool(host='jira.example.com', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)'))) while doing GET https://jira.example.com/rest/api/2/serverInfo [{'params': None, 'headers': {'User-Agent': 'python-requests/2.24.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json,*.*;q=0.9', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Content-Type': 'application/json', 'X-Atlassian-Token': 'no-check'}}]
WARNING:root:Got ConnectionError [HTTPSConnectionPool(host='jira.example.com', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))] errno:None on GET https://jira.example.com/rest/api/2/serverInfo
{'response': None, 'request': <PreparedRequest [GET]>}{'response': None, 'request': <PreparedRequest [GET]>}
WARNING:root:Got recoverable error from GET https://jira.example.com/rest/api/2/serverInfo, will retry [1/3] in 15.590765967470047s. Err: HTTPSConnectionPool(host='jira.example.com', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))
...

This issue has been solved with the following modification to code:

import jira.client
from jira import JIRA
import getpass
import urllib3
urllib3.disable_warnings()
passwd = getpass.getpass("Password: ")
jira = JIRA(options = {'server': 'https://jira.example.com', 'verify': False}, basic_auth=('username', passwd))

SSL certificate verification error while authenticating into JIRA server #966

While trying to authenticate into JIRA server using python library for interacting with JIRA via REST APIs, I get the following error:

WARNING:root:Got recoverable error from GET https://corporate.domain.com/rest/api/2/serverInfo, will retry [1/3] in 8.16608003441684s. Err: HTTPSConnectionPool(host=’jerry.wincor-nixdorf.com’, port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)’)))
WARNING:root:HTTPSConnectionPool(host=’corporate.domain.com’, port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)’))) while doing GET https://corporate.domain.com/rest/api/2/serverInfo [<‘params’: None, ‘headers’: <‘User-Agent’: ‘python-requests/2.24.0’, ‘Accept-Encoding’: ‘gzip, deflate’, ‘Accept’: ‘application/json,.;q=0.9′, ‘Connection’: ‘keep-alive’, ‘Cache-Control’: ‘no-cache’, ‘Content-Type’: ‘application/json’, ‘X-Atlassian-Token’: ‘no-check’>>]

OS: Windows 10;
python: 3.8.0
JIRA (Jira-python library package): 3.0.a2

Please also suggest whether the rest api endpoint used is correct!

PS: I sit behind a corporate network

Thanks in advance,
Anush

The text was updated successfully, but these errors were encountered:

Источник

Python script fails with: [SSL: CERTIFICATE_VERIFY_FAILED]

Python: 3.8
Jira module: jira-2.0.0-py2.py3-none-any.whl

This is my python script:

And the output is:

This issue has been solved with the following modification to code:

2 answers

I am NOT sure if you still need answer but I found an answer just now. Just install «python-certifi-win32» and boom, certification error is cleared.

«Server» should be outside of «options» and NO need for

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Unless you need encryted password.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

I am also getting same issue while executing the script. My OS and python version is:

I added the certificate in the script for the verification which is required and cant disable it (False)

i tested the script with Python3.6 but the issue is still same.

Источник

Can not connect with python JIRA

I am new to JIRA. I need to connect to JIRA and do some queries. The problem is the begging, I can’t connect.

The code that I use is the next one:

and I get an error asking for a certificate (. certificate_verify_failed. )

So, I found in Stack Overflow that you can add a certificate. So, I went to the browser, save the certificate that it is used as a file and then add the certificate to the JIRA object:

Unfortunately, didn’t work.

I also tried to set ‘verify’ to false but also not working.

Thank you very much

2 answers

1 accepted

What is the error you are now receiving? Is your Jira instance a server or cloud instance? I can connect to a server instance using the exact same method that you are employing.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

I get an error ‘SSL CERTIFICATE_VERIFY_FAILED’. I am using a Jira server. Nothing seams to work.

For example, if I go with Firefox to the page and log in with the credentials it worked. Then, for example I use the api roots in the browser: http://customdomain/api/2/issue/JRA-1513 and I get the JSON in the browser. Which means that I have the rights to use the api but I am not able whit the python script. It always give me the same certificate error.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Finally I fixed it! 🙂

I had to installed

and then it works! It was just a certification problem.

Thank you for your help

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

To be sure we’re using the same approach to saving and referencing the certificate, here is how I saved my cert:

• Browsed to my Jira instance with Chrome
• Clicked the padlock in the address bar
• Clicked Certificate
• Clicked Certification Path
• Clicked the topmost option in the Certification path
• Clicked View Certificate
• Clicked the Certification Path tab
• Clicked the Details tab
• Clicked the Copy to File. button
• Clicked Next
• Selected Base-64 encoded X.509
• Provided a path
• Clicked the Finish button

I then reference it in my Python script using forward slashes, even though I’m on Windows, so the backslash won’t act as a delimited, e.g.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Ah, after typing my response I now see that you solved it by installing a module. Glad you got it working!

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Installing «python-certifi-win32» worked like a charm.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

please reopen your question again at https://community.developer.atlassian.com/. There is the right audience to assist.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Источник

REST api using token ow gives SSL error

I am using JiraClient.py

When I first ran it, after generating a JIRA API Token, it worked fine. However, now I am getting an error like this:

• urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=’XXXXX.atlassian.net’, port=443): Max retries exceeded with url: /rest/api/3/worklog/updated?since=1601801936618 (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)’)))

I even tried generating a brand new token, and it doesn’t work with that either.

3 answers

1 accepted

If I understand correctly you are trying to call a Jira Cloud REST API endpoint using jira_client.py and this is now returning an SSL error, while it was working fine before.

If this is correct, can you please check the following:

1. In the script you have only entered your email address as the username and the API Token associated to it. You left all the other values set to «none»
2. You are able to call the same endpoint successfully using Curl. If this does not work please add the -D- argument and paste the response in here (replace : , , and with the appropriate values):

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

1. Correct — I just call:
   client = JiraClient( «my.email.address@company.com» , «TOKEN_XYXYXYXYX»)
   If I add verify=False in the call tothen it works.
2. If I just do the http portion from Browser:

then it works fine; but doing curl:

I guess not so surprising that curl behaves same way that Python does; what is most surprising is that when I ran it the first few times, I did not get errors..

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

This is super weird and a bit concerning at the same time, since we don’t have any self-signed certificate in the certificate chain for Atlassian Cloud products.

You can double check this by using the SSLShopper Certificate Checker or any other tool to check certificates:

Now, if this error is only happening from the command line but not from the browser, there are chances your OS is using some old/outdated CA store (maybe an old version of openssl was installed recently).

In order to doble-check this, please do the following:

• Compare the certificate you get from the browser with the one you get from command line (you can use the openssl command in above example) in order to make sure that’s the same one and exclude there is anything weird going on.
• Once verified the certificate is correct/the same, you should update the CA store used by your OS (or by python, if it’s not the same).

For further details, you might want to see below links:

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Thanks @Dario B — that sounds promising. Might not get to it till next week but I’ll take a look, (assuming instructions on the links are clear enough :-), or maybe my IT guy can help out).

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

The links are a bit random since I don’t know which Operating System you use and which version of python. If you provide those details I will try to provide a more specific link.

Have a nice weekend!

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Thanks @Dario B — I am using Python 3.7 on Windows 10. As far as the certificates:

I had a few minutes today to run the openssl command above and got this:

.. I got back 2 different certificates. But it is not clear how to check what the certificate(s) is/are from the browser, so I wasn’t able to compare.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

In order to get the certificate from the browser you can click on the padlock icon next to the url in the address bar:

Also, as already outlined, there is no self-signed certificate anywhere and therefore if this was working fine before and it is not working now then either the CA store used by Windows changed, or something is hijacking the connection.

So, since you are able to reproduce the issue with CURL, can you double check the CA store used and the certificate returned by replacing the -D- switch with -vvv?

Please run the command and paste the output in your reply removing the sensitive content like in below example:

Lastly, not sure if this helps, I can see that there is a python package named certifi that includes the Mozilla CA bundle. For details see:

Have a nice weekend.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Thanks — but something fascinating — I just tried to Python script again and it worked. Apparently because this time I «forgot» to get onto the corporate VPN, which I am normally on..

1. does this make sense/explain what my issue?
2. Would it still be beneficial would for me to re-run the curl/openssl commands twice — once on VPN and once not?

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Yes, that makes sense and I’d say that the mystery is solved (second scenario:
something is hijacking the connection). 🙂

Also, it can still make sense to compare the certificates you get when you use curl with and without the VPN, so that you can bring this issue to the attention of your IT department.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Thanks so much @Dario B — I’ll follow up with my local IT.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Thanks everyone for their advice. In the end, I just needed to copy the (Base 64) certificate for our VPN into «. PythonPython37Libsite-packagescertificacert.pem» and the REST API from Python worked like a charm.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Thanks for updating this thread with the final solution @Larry Weisberg !

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

The SSL certificate your call is presenting to the server is not valid. You will need to change to a valid certificate.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

JiraClient constructor does this:

And retrieve worklogs :

This is where failure occurs, where URL is just a REST api that does work from Browser; Also it used to work from this script.

Basically — where is the ssl Cert created, used in the code? Why/How would it have changed?

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

I’m having some issues with accessing JIRA Cloud using my python script. I am using the bearer token authentication method. Previously, it also showed a 401 authentication error because of the SSL certification. Was wondering if you could help me with this. Thank you.

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Please notice that adding an unrelated reply a thread from 2 years ago that is marked as resolved (answer accepted) is not the best way to get help.

However, in short:

1. There’s no such thing as bearer token authentication for Jira Cloud REST API. The allowed authentication methods are the ones listed in: https://developer.atlassian.com/cloud/jira/platform/security-overview/
2. From what I see your script is (indeed) using basic authentication and not bearer token authentication.
3. In order to use basic authentication you have to provide an Atlassian account email address and API token, as explained in the following page: Basic auth for REST APIs
4. The code snippet you attached seems to have some generic placeholders data instead of real data and therefore there’s not much I can say, other that ‘ my-site.com’ is not a valid Jira Cloud URL and that you should provide email address and api token instead of username and bearer token.
5. As suggested/mentioned many times in this thread you may want to send the same request with CURL in order to double check whether the issue is with your code or with the data you are providing

Finally, if nothing helps, I strongly advise to create a new thread providing more details on what you are doing together with the error message as well as the same request sent using Curl (removing the sensitive data like email address and api token).

You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in.

Источник

I’m currently running into an error when attempting to connect to JIRA using Python2.7 and the JIRA REST API (http://jira-python.readthedocs.org/en/latest/).

When I execute the following:

from jira.client import JIRA

options = {
    'server': 'https://jira.companyname.com'
}
jira = JIRA(options)

I get the following error message in console:

requests.exceptions.SSLError: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Is there something that I may have missed or am doing incorrectly?

Thanks!

I know I’m late on this answer, but hopefully this helps someone down the road.

Why you shouldn’t turn off verification

While turning off certificate verification is the easiest «solution», it is not an advisable thing to do. It essentially says, «I don’t care if I trust you or not, I’m going to send you all my information anyway.» This opens you up for a Man-in-the-Middle attack.

If you’re connecting to your company’s Jira server and it has a certificate for TLS/SSL, you should be verifying against that. I’d ask your IT department where that certificate is. It’s probably in some root certificate for your company.

If you’re connecting to the server in Chrome (for example) it should show a lock in the left-hand corner of address bar if it’s secured over TLS/SSL.

You can Right-Click that lock -> Details -> View Certificate in Chrome.

Okay, so what do I do?

Provide the necessary certificate to the verify option directly.

jira-python uses Requests for HTTP stuff (See documentation). And according to Requests documentation you can specify a path to a certificate file in verify.

Thus, you can provide the root certificate for your company in verify like so:

jira_options = {
    'server': jira_server_name,
    'verify': 'path/to/company/root/certificate',
}

If you’re using a Windows machine (a safe assumption?), that root certificate is stored in the registry and the best way to get it is using wincertstore.

Вопрос:

from jira.client import JIRA

options = {
'server': 'https://jira.companyname.com'
}
jira = JIRA(options)

requests.exceptions.SSLError: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Лучший ответ:

jira_options = {
    'server': jira_server_name,
    'verify': 'path/to/company/root/certificate',
}

Ответ №1

    :param options: Specify the server and properties this client will use. Use a dict with any
of the following properties:
* server -- the server address and context path to use. Defaults to ``http://localhost:2990/jira``.
* rest_path -- the root REST path to use. Defaults to ``api``, where the JIRA REST resources live.
* rest_api_version -- the version of the REST resources under rest_path to use. Defaults to ``2``.
* verify -- Verify SSL certs. Defaults to ``True``.
* resilient -- If it should just retry recoverable errors. Defaults to `False`.

from jira.client import JIRA

options = {'server': 'https://jira.companyname.com','verify':False}
jira = JIRA(options)

Ответ №2

jira_options = {
'server': jira_server_name,
'verify': 'path/to/company/root/certificate.cer'
}