06-19-2020 08:06 AM
Occasional Contributor III

I recently ran into this problem and want to share it with the community.  My application started failing a couple of weeks ago on a couple of API calls with this SSL error.  In both cases my code was passing a URL into the API - one to create a feature service and the other to upload a thumbnail. So it was easy to figure out which URLs were causing the problem. Usually I copy the URL into a browser on the same system, let it fail with the SSL error, then use the browser UI to inspect the server certificate and decide what to do from there.  This time however, the browser was able to access the URL successfully. This surprised me since I believe Python and the browser (Chrome) use the same local certificate store. I started Windows certmgr and checked the certificates under "Trusted Root Certification Authorities" and all of the signers in the certificate path had a valid certificate.  To make a long story short I eventually looked under "Intermediate Certification Authorities" and found that one of the signers in the chain had an expired certificate (in addition to the valid certificate under "Trusted Root Certification Authorities").  So evidently Chrome and Python (I think the API uses the urllib package to be more precise) handle this situation differently - Chrome seems to ignore the expired certificate, which Python rejects the connection attempt.

Tags (2)
0 Kudos
0 Replies