SSL validation failed

dakd03 · November 4, 2024, 7:48am

I am using the boto3 api to retrieve data from Foundry using the s3-compatible API.
I am using this code

session = boto3.session.Session()
client = session.client(service_name='sts', endpoint_url=endpoint)

However, I get this error.

botocore.exceptions.SSLError: SSL validation failed for <ENDPOINT> [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)

How do I resolve this?

redboyben · November 14, 2024, 11:15am

The error you are encountering is due to SSL certificate verification failure. Here are two ways that could resolve this issue:

Add the custom certificate to your system’s truststore:

Obtain the SSL certificate from the endpoint.
Add the certificate to your system’s truststore. This process varies depending on your operating system. For example, on Linux, you can use the update-ca-certificates command.

Configure boto3 to use the custom certificate:

Obtain the SSL certificate from the endpoint and save it as a .pem file.
Upload it into Foundry with the right permissions (potentially a marking as this is sensitive data).
Configure boto3 to use this certificate by setting the verify parameter in the session.client method:

import boto3

from transforms.api import transform, Input
import io

@transform(
    certificate_dataset=Input("certificate_dataset")
)
def compute(ctx, certificate_dataset):
    # Access the FileSystem object
    fs = certificate_dataset.filesystem()
    
    # Assuming the .pem file is named 'certificate.pem'
    pem_file_path = 'certificate.pem'
    
    # Open and read the content of the .pem file
    with fs.open(pem_file_path, 'r') as pem_file:
        certificate_content = pem_file.read()
    
     session = boto3.session.Session()
     client = session.client(
        service_name='sts',
        endpoint_url=endpoint,
        verify=certificate_content
    )