I am attempting to estabilish a https connection between 2 applications: 1 is a api in nodejs and the other is a python client application.
After reading about https and certificates i have created a self-signed certificate. To do so i used the following command:
openssl req -newkey rsa:2048 -nodes -keyout pvtkey.pem -x509 -days 365 -out domain.crt
And this to have the public key explicitely:
openssl rsa -in pvtkey.pem -pubout > pubkey.pem
Then on my python code i have the following line to make the request:
response = requests.post(endpoint, cert=("home/pi/se24-title.crt", "/home/pi/pvtkey.pem"), headers=self.headers, json=req_payload)
When i run to test my code i get the following error:
Max retries exceeded with url: /api/title
(Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
Previously i had also tried to install the crt to the trusted certificates and make the requests like this:
response = requests.post(endpoint, verify=True, headers=self.headers, json=req_payload)
but still have the same result.
What am i doing wrong? Could it be the certificate i have generated?
1 Answer 1
So i managed to figure out how to do it.
Somehow i must have missed some step along the way but this is how i ended up being able to install the self-signed-certificate:
STEPS:
1. Create a self-signed certificate
> openssl req -newkey rsa:2048 -nodes -keyout pvtkey.pem -x509 -days 365 -out domain.crt
2. Create the public key from the private key
> openssl rsa -in pvtkey.pem -pubout > pubkey.pem
3. To install the certificate on raspbian:
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp domain.crt /usr/local/share/ca-certificates/extra/domain.crt
sudo update-ca-certificates
Hope this helps other people with the same issue.