SSL3 Certificate Verify Failed when Connecting to JIRA API Using Python

I encountered a similar SSL certificate verification error and looking through the "JIRA" methods definitions, its possible to turn off the verification.

    :param options: Specify the server and properties this client will use. Use a dict with any
     of the following properties:
      * server -- the server address and context path to use. Defaults to ``http://localhost:2990/jira``.
      * rest_path -- the root REST path to use. Defaults to ``api``, where the JIRA REST resources live.
      * rest_api_version -- the version of the REST resources under rest_path to use. Defaults to ``2``.
      * verify -- Verify SSL certs. Defaults to ``True``.
      * resilient -- If it should just retry recoverable errors. Defaults to `False`.

Try this :

from jira.client import JIRA

options = {'server': 'https://jira.companyname.com','verify':False}
jira = JIRA(options)

On Windows system please do the following:-

  1. Go to the website using google chrome, then click on Lock button.
  2. Now click on certificate, a new window pops up.
  3. Next click on Certification Path, select first option from list which will be root, then select View Certificate, another window pops up.
  4. Go to Details tab, click on Copy To File. Then click on Next, select Base-64 encoded x509.(CER) radio button, click on Next and save the .cer file locally.

Once the .cer file is obtained, add it to the python script as follows:-

jira_options = {
    'server': jira_server_name,
    'verify': 'path_to_directory_containing_certificate_file/certificate.cer'
}

This should work without any security warnings.


Just install python-certifi-win32 module, and this should help you get past these errors without any more hassle


I know I'm late on this answer, but hopefully this helps someone down the road.

Why you shouldn't turn off verification

While turning off certificate verification is the easiest "solution", it is not an advisable thing to do. It essentially says, "I don't care if I trust you or not, I'm going to send you all my information anyway." This opens you up for a Man-in-the-Middle attack.

If you're connecting to your company's Jira server and it has a certificate for TLS/SSL, you should be verifying against that. I'd ask your IT department where that certificate is. It's probably in some root certificate for your company.

If you're connecting to the server in Chrome (for example) it should show a lock in the left-hand corner of address bar if it's secured over TLS/SSL.

You can Right-Click that lock -> Details -> View Certificate in Chrome.

Okay, so what do I do?

Provide the necessary certificate to the verify option directly.

jira-python uses Requests for HTTP stuff (See documentation). And according to Requests documentation you can specify a path to a certificate file in verify.

Thus, you can provide the root certificate for your company in verify like so:

jira_options = {
    'server': jira_server_name,
    'verify': 'path/to/company/root/certificate',
}

If you're using a Windows machine (a safe assumption?), that root certificate is stored in the registry and the best way to get it is using wincertstore.

Tags:

Python

Python 2.7

Jira

Jira Rest Api

Related

What is the difference between jQuery off() and unbind() implicit declaration of function ‘strtok_r’ [-Wimplicit-function-declaration] inspite including <string.h> Grep files containing two or more occurrence of a specific string How can I reformat code in MATLAB editor? Running gradle's connectedAndroidTest on a specific device Convert string in scientific notation to number format in XPath Ajax Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource how to remove default-jre java installation from Ubuntu? Validate URL query string with regex MongoDB Connection String to Replica Set How to mock another method in the same class which is being tested? Checking if a dir. entry returned by readdir is a directory, link or file. dent->d_type isn't showing the type

Recent Posts