当我使用python boto连接到AWS ec2时，它显示SSLError:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:661)

本文介绍了当我使用python boto连接到AWS ec2时，它显示SSLError:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:661)的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在使用Windows 10操作系统.

I'm using Windows 10 OS.

我想计算AWS的IP地址数.

I want to count the number of IP Address of AWS.

我使用python 2.7.14和boto 2.6.0

我添加一个名为boto.config的文件，找到C:\ Users \ Administrator文件夹

I add a file which name is boto.config locate C:\Users\Administrator folder

boto.config的内容是:

The content of the boto.config is:

[Credentials]

aws_access_key_id=******

aws_secret_access_key=*****

脚本是:

#!/usr/bin/env python

# -*- encoding: utf8 -*-

import boto.ec2

from pprint import pprint

import ssh

import requests

import urllib3

import certifi

import ssl

conn = boto.ec2.connect_to_region('cn-north-1')

reservations = conn.get_all_instances()

InstanceMap=[]

for reservation in reservations:

    for instance in reservation.instances:

        if 'env' in instance.tags and instance.tags['env'] == 'test':

            InstanceMap.append(instance.ip_address)

f = open('F:\ip.txt','w')

pprint(InstanceMap, f)

当我运行此脚本时，它显示出错误的形成:

When I run this script, it show the error formation:

我可以用什么方法解决这个问题?

What's the method can I solve this problem ?

推荐答案

我在Windows 10机器上的boto3和Python 3.7遇到相同的问题.事实证明，由于我使用的是安装了Proxy的公司设备，因此* .amazonaws.com证书已被Proxy证书取代.此代理证书链需要Python certifi模块信任.不管您是否有代理，下面的方法都可以解决SSL: CERTIFICATE_VERIFY_FAILED错误.

I was having same issue with boto3 and Python 3.7 on Windows 10 machine. As it turned out, since I was using corporate device with Proxy installed, *.amazonaws.com certificate was getting replaced by the Proxy certificate. This Proxy certificate chain needed to be trusted by Python certifi module. Whether or not, you have a proxy, below method should resolve SSL: CERTIFICATE_VERIFY_FAILED error.

这是我为解决此问题所做的工作-

Here is what I did, to resolve the issue -

找到cacert.pem所在的路径-

import certifi
certifi.where()
C:\\Users\\[UserID]\\AppData\\Local\\Programs\\Python\\Python37-32\\lib\\site-packages\\certifi\\cacert.pem

将AWS_CA_BUNDLE环境变量设置为cacert.pem路径-

Set AWS_CA_BUNDLE environment variable to the cacert.pem path -

AWS_CA_BUNDLE=C:\Users\[UserID]\AppData\Local\Programs\Python\Python37-32\Lib\site-packages\certifi\cacert.pem

从amazonaws.com URL下载证书链.例如:在浏览器上转到 https://sts.amazonaws.com/xyz 并导出Root ，所有中间证书，域cert并另存为base64编码的.cer文件.在记事本中打开证书，复制所有内容.

Download the chain of certificates from amazonaws.com URL. For example: Go to https://sts.amazonaws.com/xyz on a browser and export Root, all the intermediate certificates, domain cert and save as base64 encoded .cer file. Open the certificates in notepad, copy all the contents.

现在在记事本中打开cacert.pem，然后在最后添加每个下载的证书内容(---Begin Certificate--- *** ---End Certificate---).

Now open the cacert.pem in a notepad and just add every downloaded certificate contents (---Begin Certificate--- *** ---End Certificate---) at the end.

重新启动命令行提示符或PowerShell，应解决SSL验证错误.

Restart the command line prompt or PowerShell, SSL verification error should be resolved.

这篇关于当我使用python boto连接到AWS ec2时，它显示SSLError:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:661)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！