by jonathan

Adding Self-Signed Certificates to Ubuntu Trust Store

I’ve been testing AXL calls using Python, and encountered the following error:

 

Traceback (most recent call last):
 File "./axl_test.py", line 14, in <module>
 result = client.service.listPhone({'name':'SEP%'},{'name':'','model':''})
 File "/usr/lib/python2.7/dist-packages/suds/client.py", line 566, in __call__
 return client.invoke(args, kwargs)
 File "/usr/lib/python2.7/dist-packages/suds/client.py", line 705, in invoke
 result = self.send(soapenv)
 File "/usr/lib/python2.7/dist-packages/suds/client.py", line 747, in send
 reply = self.options.transport.send(request)
 File "/usr/lib/python2.7/dist-packages/suds/transport/https.py", line 66, in send
 return HttpTransport.send(self, request)
 File "/usr/lib/python2.7/dist-packages/suds/transport/http.py", line 80, in send
 fp = self.u2open(u2request)
 File "/usr/lib/python2.7/dist-packages/suds/transport/http.py", line 127, in u2open
 return url.open(u2request, timeout=tm)
 File "/usr/lib/python2.7/urllib2.py", line 429, in open
 response = self._open(req, data)
 File "/usr/lib/python2.7/urllib2.py", line 447, in _open
 '_open', req)
 File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
 result = func(*args)
 File "/usr/lib/python2.7/urllib2.py", line 1241, in https_open
 context=self._context)
 File "/usr/lib/python2.7/urllib2.py", line 1198, in do_open
 raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

 

This is an easy one, as I’m connecting from my Ubuntu machine to CUCM that’s has a self-signed certificate.  I need to add this to my Ubuntu trust store.

 

Steps to resolve are:

 

  1. Install mycertifcate.pem to local machine

  2. cp to /usr/local/share/ca-certificates

  3. Rename certificate to mycertificate.crt

  4. sudo update-ca-certificates

 

jonathan@mymachine:/usr/local/share/ca-certificates$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs…
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…

Adding debian:mycertifcate.pem
done.
done.

 

The certificate will now be concatenated to /etc/ssl/certs/ca-certificates.crt and will be trusted as required.

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.