SLL Certificate Error

[numersoz]

Hi,

I'm having SSL certificate issues while connection to ADLS.

I don't see a way of disabling SSL verification or don't know of a way to add the VPN certificate.

My company is using Zscaler. I had similar issues with PIP installations, and I was able to add Zscaler certificate to PIP.INI. Is there a similar approach I can take for this package?

I'm using Anaconda 3.9 and latest package of azure-storage-file-datalake.

File c:\Users\*****\Anaconda3\lib\site-packages\utils\azure_utils.py:123, in DataLake.list_directory_contents(self, file_system, directory)
    121 file_system_client = self.service_client.get_file_system_client(file_system)
    122 paths = file_system_client.get_paths(path=directory)
--> 123 paths = [path.name for path in paths]
    125 return paths

File c:\Users\*****\Anaconda3\lib\site-packages\utils\azure_utils.py:123, in <listcomp>(.0)
    121 file_system_client = self.service_client.get_file_system_client(file_system)
    122 paths = file_system_client.get_paths(path=directory)
--> 123 paths = [path.name for path in paths]
    125 return paths

File c:\Users\*****\Anaconda3\lib\site-packages\azure\core\paging.py:128, in ItemPaged.__next__(self)
    126 if self._page_iterator is None:
    127     self._page_iterator = itertools.chain.from_iterable(self.by_page())
--> 128 return next(self._page_iterator)

File c:\Users\*****\Anaconda3\lib\site-packages\azure\core\paging.py:76, in PageIterator.__next__(self)
     74     raise StopIteration("End of paging")
     75 try:
...
--> 361     raise error
    362 if _is_rest(request):
    363     from azure.core.rest._requests_basic import RestRequestsTransportResponse

ServiceRequestError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)

[kristapratico]

Hi @numersoz thanks for your feedback, we'll investigate asap.

[jalauzon-msft]

Hi @numersoz Mert, the azure-storage-file-datalake package uses requests and therefore our default SSL cert comes from the certifi package.

To disable SSL verification or (I believe) specify a different SSL cert for your requests, you can use connection_verify and/or connection_cert keyword arguments on client construction which will modify the underlying transport from azure-core. https://github.com/Azure/azure-sdk-for-python/blob/04e4891c70a4297c015abb354696105632c08ff7/sdk/core/azure-core/azure/core/configuration.py#L99-L102

These keyword args should be accepted on any client constructor and should affect all requests made by that client. Hopefully this can help in your scenario. Thanks

[ghost]

Hi @numersoz. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.

[ghost]

Hi @numersoz, since you haven’t asked that we “/unresolve” the issue, we’ll close this out. If you believe further discussion is needed, please add a comment “/unresolve” to reopen the issue.

[SSFullStackDev]

/unresolve I believe I am having the same error Getting scm site credentials for zip deployment Starting zip deployment. This operation can take a while to complete ... HTTPSConnectionPool(host='botkit-cms.scm.azurewebsites.net', port=443): Max retries exceeded with url: /api/zipdeploy?isAsync=true (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate signature failure (_ssl.c:997)')))

[ghost]

Hi NrdWthaPythonScript, only the original author of the issue can ask that it be unresolved. Please open a new issue with your scenario and details if you would like to discuss this topic with the team.