Server SSL Error

2100
7
11-01-2016 05:14 PM
Highlighted
Regular Contributor

all,

    so we are now testing 10.4.1 that we've just installed...

we havent had any issues running the process of rebuilding tiles and then out of nowhere we get this...

SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

we are using the self signed certificate that comes with the server install, and havent changed anything, not sure why out of nowhere we get this error.

thanks

dave

Reply
0 Kudos
7 Replies
Highlighted
Regular Contributor

So a Google search on that error message shows multiple instances where people report the error and it always is a python coding issue. Since you haven't indicated the use of anything you built in python I'd assume you are just using ESRI out-of-the-box tools to handle tiling. That makes it a little odd but I'd say step 1 would be to start at the basics.

1) Launch MS Certificate Manager (certmgr.msc) and ensure the self signed certificate has been added at least to the personal folder. Once added open the certificate and ensure the last tab on right "Certification Path" that the "Certificate Status:" box at bottom states "This certificate is OK.". If this message isn't here you need to provide any missing pieces in the path from the top box.

2) Go to http://gisserver.domain.com:6080/arcgis/admin or the appropriate path you configured for ArcGIS Server Administrator Directory. Follow the path in below image for each machine and ensure the certificate is available and correct

If the selfsignedcert is missing it can be added from this page using the "importExistingServerCertificate" operation.

If both of these are fine and correct then maybe the next step is to walk through the permissions levels of your user across the steps. Ensure all the NTFS permissions are established at both the Read data location and the write location of the tiles. Ensure the user has appropriate permissions to generate the token the process is attempting to use by doing a manual token generation at http://gisserver.domain.com:6080/arcgis/tokens

Highlighted
Esteemed Contributor

Scott:

What parameters need to be filled out for the ArcGIS Token Service to work?  I just entered an appropriate username and password but was presented with the "Client id cannot be determined" error.

Reply
0 Kudos
Highlighted
Regular Contributor

Scott

  thank you for the reply!

   and my apologies, i forgot to mention that we are using python to automate the tiling process.

            and yes, we are using esri "out of the box"

thanks again

dave

Reply
0 Kudos
Highlighted
Regular Contributor

Ah OK that makes a bit more sense. So then it might be something worth posting your python code to the "Python" discussions and someone can help you pinpoint things if it's a code issue. Doing a Google search on the code ssl.c:590 will quickly give you some possible troubleshooting steps though.

Perhaps take a look at these as well https://confluence.atlassian.com/sourcetreekb/resolving-ssl-self-signed-certificate-errors-284368425...

https://access.redhat.com/articles/2039753

Reply
0 Kudos
Highlighted
Esri Frequent Contributor

You can either export the self signed certificate from your browser or the Server Admin API and import it into your Trusted Root Certificate Store or add some lines within your script to ignore certificate validation errors:

python - "SSL: CERTIFICATE_VERIFY_FAILED" Error - Stack Overflow 

Highlighted
Regular Contributor

so i figured i would update....

    just decided to create a new certificate for our domain....all works fine (i think had i added the self signed to the trusted store it would have worked as well)

thanks again

dave

Reply
0 Kudos
Highlighted
New Contributor III


I found this topic when adapting my python script to START and STOP mapservices for HTTPS.

My solution for working with HTPPS connections is the following diference in creating the connection object

Normal HTTP:
   httpConn = httplib.HTTPConnection(serverName, serverPort)

With HTTPS
   httpConn = httplib.HTTPSConnection(serverName, serverPort,context=ssl._create_unverified_context())

The last line indicates to ignore the certificate.

For the script I import the following: import httplib, urllib, json, ssl

See also: http://stackoverflow.com/questions/5319430/how-do-i-have-python-httplib-accept-untrusted-certs

Reply
0 Kudos