2. 질의 응답
  3. 는 "인증서 확인 실패"nfa.sefaz.al.gov.br에 연결

는 "인증서 확인 실패"nfa.sefaz.al.gov.br에 연결

2017-01-23 4 views
0

코드 :는 "인증서 확인 실패"nfa.sefaz.al.gov.br에 연결

req = urllib2.Request("https://nfa.sefaz.al.gov.br/nfa/login.aspx",verify=False) 
content = opener.open(req)

예외 :

requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)

시스템 :

python --version 

Python 2.7.9 

certifi 2015.04.28

어떻게 해결?

출처

2017-01-23 Leandro Campos

+0

코드를 표시하십시오. 'verify = False'를 지정했을 때 * 어떻게 "certificate verify failed"*로 끝날까요? – jww

답변

0

수정 방법은 무엇입니까?

  1. TLS 1.0 사용 또는
  2. 사용 Server Name Indication
  3. 루트 위에 당신은 Autoridade Certificadora Raiz Brasileira V2
신뢰 :

당신은 파이썬에서 세 가지를 확인해야합니다

다음은 OpenSSL의 s_client을 사용한 빠른 디버그 세션입니다. 항목 (1)은 -tls1 옵션으로 충족됩니다. 항목 (2)는 -servername 옵션으로 충족됩니다.

항목 (3) 성취, 그리고 Verify return code: 20 (unable to get local issuer certificate)에 대한 이유가되지 않는다. CA 루트를 가져 와서 로컬로 가져 오면 -CAfile 옵션으로 지정할 수 있습니다.

s_client man page도 참조하십시오.

$ openssl s_client -connect nfa.sefaz.al.gov.br:443 -tls1 -servername nfa.sefaz.al.gov.br 
CONNECTED(00000003) 
depth=2 C = BR, O = ICP-Brasil, OU = Autoridade Certificadora Raiz Brasileira v2, CN = Autoridade Certificadora SERPRO v3 
verify error:num=20:unable to get local issuer certificate 
--- 
Certificate chain 
0 s:/C=BR/O=ICP-Brasil/OU=Equipamento A1/OU=ARSERPRO/OU=Autoridade Certificadora SERPROACF/CN=*.sefaz.al.gov.br 
    i:/C=BR/O=ICP-Brasil/OU=CSPB-1/OU=Servico Federal de Processamento de Dados - SERPRO/CN=Autoridade Certificadora do SERPRO Final v4 
1 s:/C=BR/O=ICP-Brasil/OU=CSPB-1/OU=Servico Federal de Processamento de Dados - SERPRO/CN=Autoridade Certificadora do SERPRO Final v4 
    i:/C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora SERPRO v3 
2 s:/C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora SERPRO v3 
    i:/C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=Autoridade Certificadora Raiz Brasileira v2 
--- 
Server certificate 
-----BEGIN CERTIFICATE----- 
MIIHfzCCBWegAwIBAgIDE60yMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYDVQQGEwJC 
UjETMBEGA1UEChMKSUNQLUJyYXNpbDEPMA0GA1UECxMGQ1NQQi0xMTswOQYDVQQL 
EzJTZXJ2aWNvIEZlZGVyYWwgZGUgUHJvY2Vzc2FtZW50byBkZSBEYWRvcyAtIFNF 
UlBSTzE0MDIGA1UEAxMrQXV0b3JpZGFkZSBDZXJ0aWZpY2Fkb3JhIGRvIFNFUlBS 
TyBGaW5hbCB2NDAeFw0xNjExMTExNjUxNDVaFw0xNzExMTExNjUxNDVaMIGXMQsw 
CQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDEXMBUGA1UECxMORXF1aXBh 
bWVudG8gQTExETAPBgNVBAsTCEFSU0VSUFJPMSswKQYDVQQLEyJBdXRvcmlkYWRl 
IENlcnRpZmljYWRvcmEgU0VSUFJPQUNGMRowGAYDVQQDDBEqLnNlZmF6LmFsLmdv 
di5icjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOvLfJZg93UbffEo 
6KhMK5vc5Bp4L53D41wyfJe7mZxcXCmUMcIZE8LvDlN/LBx709BvZ7LbmBt3lofo 
8lKOOSFh4SyQWlk/ms8LBxjraqimyXdoGzMLLxDaE9O0wbaHzill+PpOP5MC8o1e 
pACQjTRbWzxoB3SxQ2fugpPOMs5wElEYlYAoG14JWmbKn21vrXTVeoq8pTtk7yfQ 
dMD6gz4TzKFKeOa1QyHIA6WNQw3TTM5jjPSd7Z2orGWXgqMcplDNTTYGi47iOJrj 
5ZHyqZN2l1Yc4SQRw76G42e2OhwXiLYVKy8nNEn4Z2wIgUZtYDoOge+P7rI6oLhC 
20ANnSUCAwEAAaOCAsEwggK9MB8GA1UdIwQYMBaAFGTbZ1uzlRdShIm072cgsAiJ 
fAdxMFkGA1UdIARSMFAwTgYGYEwBAgEQMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9y 
ZXBvc2l0b3Jpby5zZXJwcm8uZ292LmJyL2RvY3MvZHBjc2VycHJvYWNmLnBkZjCB 
0QYDVR0fBIHJMIHGMDygOqA4hjZodHRwOi8vcmVwb3NpdG9yaW8uc2VycHJvLmdv 
di5ici9sY3IvYWNzZXJwcm9hY2Z2NC5jcmwwPqA8oDqGOGh0dHA6Ly9jZXJ0aWZp 
Y2Fkb3MyLnNlcnByby5nb3YuYnIvbGNyL2Fjc2VycHJvYWNmdjQuY3JsMEagRKBC 
hkBodHRwOi8vcmVwb3NpdG9yaW8uaWNwYnJhc2lsLmdvdi5ici9sY3Ivc2VycHJv 
L2Fjc2VycHJvYWNmdjQuY3JsMFYGCCsGAQUFBwEBBEowSDBGBggrBgEFBQcwAoY6 
aHR0cDovL3JlcG9zaXRvcmlvLnNlcnByby5nb3YuYnIvY2FkZWlhcy9hY3NlcnBy 
b2FjZnY0LnA3YjCB4wYDVR0RBIHbMIHYoCoGBWBMAQMIoCEEH1NFQ1JFVEFSSUEg 
RVhFQ1VUSVZBIERFIEZBWkVOREGCESouc2VmYXouYWwuZ292LmJyoDgGBWBMAQME 
oC8ELTI1MTExOTcwNDkwOTkyNjQ0NTMwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw 
MKAjBgVgTAEDAqAaBBhUQVJDSU8gUk9EUklHVUVTIEJFWkVSUkGgGQYFYEwBAwOg 
EAQOMTIyMDAxOTIwMDAxNjmBHXRhcmNpb2JlemVycmFAc2VmYXouYWwuZ292LmJy 
MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw 
DQYJKoZIhvcNAQELBQADggIBAKoZwgt/8ti+fPsxinL3pziMAPAoqONsO4VBWnpY 
J4puFiE+UZbx3GT1Zo+s4P6ztuKLo+lp3PDaFo1WeWYInc0qXUmWZ96RqZzOTjel 
fKVKTYaq3P65RoP3tE9bJn92vc7wqRZmKCdxiRzaMACPg/k76Nq9gVDkambSE2By 
yr0lYImWdiHwg1JOM6hUn+YXr5IfCoNmYmuqCODtWdvqwq62sYBcYoEFbJHlpBp6 
AVKm3cLM0r1Wv9nSbZjFEFCsepeoSDk6+b74f6JjlWCGMz6zCj6+wXebDndjfyQC 
VKS1mfIUC/3Ry89J/40cBn6q/dZdEbjqgwuCP3vgIwHWm+I3cIuZYpOGkUX4OuJU 
uhhn5vdCtu8+AGcoc8rPJ+6BZ8bh87Mz84tDUAd0x4yuKs7tE1ONAKr+Ip6GMfZw 
MIzgzHuoMnn+6daQnVnO2+jddh9i05ukpifzDs15KsyBwE5grSeTmQ0f5kTCzHWp 
xPvk3Ah1XL253C0vLzGcpaPdaybBM4HjnSWj8KrOp4w46cjhjxahz1CSEDxdLx8Q 
rqb/CxgKbHU2f+PL6sZKeHZlyJvVCf65x37rAriKsUX+YweB4Y5OH5SHraE4Nuyo 
L8ClR0It3xwV34joUw4nmKjFT5GadrBpF4C+6W3rcSVUbTBpxswYYff70JygLU3n 
5s9M 
-----END CERTIFICATE----- 
subject=/C=BR/O=ICP-Brasil/OU=Equipamento A1/OU=ARSERPRO/OU=Autoridade Certificadora SERPROACF/CN=*.sefaz.al.gov.br 
issuer=/C=BR/O=ICP-Brasil/OU=CSPB-1/OU=Servico Federal de Processamento de Dados - SERPRO/CN=Autoridade Certificadora do SERPRO Final v4 
--- 
No client certificate CA names sent 
--- 
SSL handshake has read 5883 bytes and written 551 bytes 
--- 
New, TLSv1/SSLv3, Cipher is AES128-SHA 
Server public key is 2048 bit 
Secure Renegotiation IS supported 
Compression: NONE 
Expansion: NONE 
No ALPN negotiated 
SSL-Session: 
    Protocol : TLSv1 
    Cipher : AES128-SHA 
    Session-ID: 230300002B3BC1AC0A9EB14A65B90D48E78CE00107A60E705497D9BDE8477B95 
    Session-ID-ctx: 
    Master-Key: 8F706B45691AC6487F0B62B2AA58B7E9C0586AC397EB3731C0BE4CC8791A341CEAA0CA53C7F74CB1239BD4A5E785D16E 
    Key-Arg : None 
    PSK identity: None 
    PSK identity hint: None 
    SRP username: None 
    Start Time: 1485222101 
    Timeout : 7200 (sec) 
    Verify return code: 20 (unable to get local issuer certificate)

출처

2017-01-24 01:46:25 jww

관련 문제

 관련 문제