SSL: CERTIFICATE_VERIFY_FAILED
error for an app
If you see a CERTIFICATE_VERIFY_FAILED
error for an app, you can set the
verify
option in the app.config
file to configure the default SSL
verification for the app.
Symptoms
You see aCERTIFICATE_VERIFY_FAILED
error for an app.Diagnosing the problem
You see an error similar to the following:------------------------ Running selftest for: 'fn-cisco-wsa' ------------------------ fn-cisco-wsa:
Checking Cisco WSA connectivity and credentials...! HTTPSConnectionPool(host='10.10.10.10', port=6443): Max retries exceeded with url:
/wsa/api/v3.0/generic_resources/auth_settings (Caused by SSLError(SSLCertVerificationError(1, '[SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)')))
IntegrationError("HTTPSConnectionPool(host='10.10.10.10', port=443): Max retries exceeded with url:
/wsa/api/v3.0/generic_resources/auth_settings (Caused by SSLError(SSLCertVerificationError(1, '[SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)')))") selftest: failure
selftest output: {'state': 'failure', 'reason': 'IntegrationError("HTTPSConnectionPool(host=\'10.10.10.10\', port=443):
Max retries exceeded with url: /wsa/api/v3.0/generic_resources/auth_settings (Caused by
SSLError(SSLCertVerificationError(1, \'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed
certificate (_ssl.c:1129)\')))")'} Elapsed time: 0.022000 seconds ERROR: running selftest for App. Error Code: 1
Resolving the problem
Set theverify
option in the app's app.config
file to
configure the default SSL verification for the app. For more information, see Advanced configuration settings.