SSL3 Certificate Verify Failed when Connecting to JIRA API Using Python
I encountered a similar SSL certificate verification error and looking through the "JIRA" methods definitions, its possible to turn off the verification.
:param options: Specify the server and properties this client will use. Use a dict with any
of the following properties:
* server -- the server address and context path to use. Defaults to ``http://localhost:2990/jira``.
* rest_path -- the root REST path to use. Defaults to ``api``, where the JIRA REST resources live.
* rest_api_version -- the version of the REST resources under rest_path to use. Defaults to ``2``.
* verify -- Verify SSL certs. Defaults to ``True``.
* resilient -- If it should just retry recoverable errors. Defaults to `False`.
Try this :
from jira.client import JIRA
options = {'server': 'https://jira.companyname.com','verify':False}
jira = JIRA(options)
On Windows system please do the following:-
- Go to the website using google chrome, then click on Lock button.
- Now click on certificate, a new window pops up.
- Next click on Certification Path, select first option from list which will be root, then select View Certificate, another window pops up.
- Go to Details tab, click on Copy To File. Then click on Next, select Base-64 encoded x509.(CER) radio button, click on Next and save the .cer file locally.
Once the .cer file is obtained, add it to the python script as follows:-
jira_options = {
'server': jira_server_name,
'verify': 'path_to_directory_containing_certificate_file/certificate.cer'
}
This should work without any security warnings.
Just install python-certifi-win32 module, and this should help you get past these errors without any more hassle
I know I'm late on this answer, but hopefully this helps someone down the road.
Why you shouldn't turn off verification
While turning off certificate verification is the easiest "solution", it is not an advisable thing to do. It essentially says, "I don't care if I trust you or not, I'm going to send you all my information anyway." This opens you up for a Man-in-the-Middle attack.
If you're connecting to your company's Jira server and it has a certificate for TLS/SSL, you should be verifying against that. I'd ask your IT department where that certificate is. It's probably in some root certificate for your company.
If you're connecting to the server in Chrome (for example) it should show a lock in the left-hand corner of address bar if it's secured over TLS/SSL.
You can Right-Click that lock -> Details -> View Certificate
in Chrome.
Okay, so what do I do?
Provide the necessary certificate to the verify
option directly.
jira-python
uses Requests
for HTTP stuff (See documentation).
And according to Requests documentation
you can specify a path to a certificate file in verify
.
Thus, you can provide the root certificate for your company in verify
like so:
jira_options = {
'server': jira_server_name,
'verify': 'path/to/company/root/certificate',
}
If you're using a Windows machine (a safe assumption?), that root
certificate is stored in the registry and the best way to get it
is using wincertstore
.