SSL Certificate Verification – Python requests

Requests verifies SSL certificates for HTTPS requests, just like a web browser. SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. Often, an website with a SSL certificate is termed as secure website. By default, SSL verification is enabled, and Requests will throw a SSLError if it’s unable to verify the certificate.

Disable SSL certificate verification

Let us try to access a website with an invalid SSL certificate, using Python requests

filter_none

edit
close

play_arrow

link
brightness_4
code

# import requests module
import requests
  
# Making a get request
response = requests.get('https://expired.badssl.com/')
  
# print request object
print(response)

chevron_right


Output :-
ssl-certificate-verification-python-requests
This website doesn’t have SSL setup so it raises this error.

To disable certificate verification, at the client side, one can use verify attribute.

filter_none

edit
close

play_arrow

link
brightness_4
code

# import requests module
import requests
  
# Making a get request
response = requests.get('https://expired.badssl.com/', verify = False)
  
# print request object
print(response)

chevron_right


Output
ssl-certificate-verification-python-requests-1



Since output response 200 is printed, we can assume that request was successful.

Manual SSL Verification

one can also pass the link to the certificate for validation via python requests only.

filter_none

edit
close

play_arrow

link
brightness_4
code

# import requests module
import requests
  
# Making a get request
response = requests.get('https://github.com', verify ='/path / to / certfile')
  
# print request object
print(response)

chevron_right


This would work in case the path provided is correct for SSL certificate for github.com.

Client Side Certificates

You can also specify a local cert to use as client side certificate, as a single file (containing the private key and the certificate) or as a tuple of both files’ paths:

>>> requests.get('https://kennethreitz.org', cert=('/path/client.cert', '/path/client.key'))

or persistent:

s = requests.Session()
s.cert = '/path/client.cert'

If you specify a wrong path or an invalid cert, you’ll get a SSLError:

>>> requests.get('https://kennethreitz.org', cert='/wrong_path/client.pem')
SSLError: [Errno 336265225] _ssl.c:347: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

Attention geek! Strengthen your foundations with the Python Programming Foundation Course and learn the basics.

To begin with, your interview preparations Enhance your Data Structures concepts with the Python DS Course.




My Personal Notes arrow_drop_up

Software Developer at GeeksForGeeks

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.


Article Tags :

Be the First to upvote.


Please write to us at contribute@geeksforgeeks.org to report any issue with the above content.