I am setting up the SSL layer on RabbitMQ on both server and clients. But the clients are failing when creating the connection to the server. At this point I am running the RabbitMQ server on a docker locally and the client locally using a conda environment.
Once the RabbitMQ server is up I see that the secure connection is accepting incoming connections:
test-rabbitmq-1 | 2023-01-20 08:22:01.692731+00:00 [info] <0.726.0> started TCP listener on [::]:5672
test-rabbitmq-1 | 2023-01-20 08:22:01.694836+00:00 [info] <0.746.0> started TLS (SSL) listener on [::]:7575
But the client refuses to connect with:
(rabbitmq-test) ➜ RabbitMQ-TSL ✗ python3 test.py
Enter PEM pass phrase: ********
INFO:pika.adapters.utils.connection_workflow:Pika version 1.3.1 connecting to ('127.0.0.1', 7575)
INFO:pika.adapters.utils.io_services_utils:Socket connected: <socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 43142), raddr=('127.0.0.1', 7575)>
ERROR:pika.adapters.utils.io_services_utils:SSL do_handshake failed: error=SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); <ssl.SSLSocket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 43142), raddr=('127.0.0.1', 7575)>
Traceback (most recent call last):
File "/.../.local/lib/python3.10/site-packages/pika/adapters/utils/io_services_utils.py", line 636, in _do_ssl_handshake
self._sock.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:997)
ERROR:pika.adapters.utils.connection_workflow:Attempt to create the streaming transport failed: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); 'localhost'/(<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 6, '', ('127.0.0.1', 7575)); ssl=True
ERROR:pika.adapters.utils.connection_workflow:AMQPConnector - reporting failure: AMQPConnectorTransportSetupError: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)')
ERROR:pika.adapters.utils.connection_workflow:AMQP connection workflow failed: AMQPConnectionWorkflowFailed: 1 exceptions in all; last exception - AMQPConnectorTransportSetupError: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); first exception - None.
ERROR:pika.adapters.utils.connection_workflow:AMQPConnectionWorkflow - reporting failure: AMQPConnectionWorkflowFailed: 1 exceptions in all; last exception - AMQPConnectorTransportSetupError: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); first exception - None
ERROR:pika.adapters.blocking_connection:Connection workflow failed: AMQPConnectionWorkflowFailed: 1 exceptions in all; last exception - AMQPConnectorTransportSetupError: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); first exception - None
ERROR:pika.adapters.blocking_connection:Error in _create_connection().
Traceback (most recent call last):
File "/.../.local/lib/python3.10/site-packages/pika/adapters/blocking_connection.py", line 451, in _create_connection
raise self._reap_last_connection_workflow_error(error)
File "/.../.local/lib/python3.10/site-packages/pika/adapters/utils/io_services_utils.py", line 636, in _do_ssl_handshake
self._sock.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:997)
Traceback (most recent call last):
File "/.../test.py", line 16, in <module>
with pika.BlockingConnection(conn_params) as conn:
File "/.../.local/lib/python3.10/site-packages/pika/adapters/blocking_connection.py", line 360, in __init__
self._impl = self._create_connection(parameters, _impl_class)
File "/.../.local/lib/python3.10/site-packages/pika/adapters/blocking_connection.py", line 451, in _create_connection
raise self._reap_last_connection_workflow_error(error)
File "/.../.local/lib/python3.10/site-packages/pika/adapters/utils/io_services_utils.py", line 636, in _do_ssl_handshake
self._sock.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:997)
Any idea of what I am not setting properly on pika or at the RabbitMQ server?
On the server side I set the SSL layer at rabbitmq.conf as:
# Enable AMQPS
listeners.ssl.default = 7575
ssl_options.cacertfile = /etc/rabbitmq/cer/ca_certificate.pem
ssl_options.certfile = /etc/rabbitmq/cer/server_certificate.pem
ssl_options.keyfile = /etc/rabbitmq/cer/server_key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
# Enable HTTPS
management.listener.port = 15671
management.listener.ssl = true
management.listener.ssl_opts.cacertfile = /etc/rabbitmq/cer/ca_certificate.pem
management.listener.ssl_opts.certfile = /etc/rabbitmq/cer/server_certificate.pem
management.listener.ssl_opts.keyfile = /etc/rabbitmq/cer/server_key.pem
The docker compose file contains:
version: '3.8'
services:
rabbitmq:
image: rabbitmq:3-management
hostname: rabbitmq-server
volumes:
- ./rabbitmq-config/rabbitmq-cert:/etc/rabbitmq/cer
- ./rabbitmq-config/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf
- ./rabbitmq/data:/var/lib/rabbitmq/mnesia/rabbit#my-rabbit
- ./rabbitmq/logs:/var/log/rabbitmq/log
ports:
- 5672:5672
- 7575:7575
- 15672:15672
Then, and to simply, I am using the demo client from RabbitMQ's guide as:
import logging
import pika
import ssl
from pika.credentials import ExternalCredentials
logging.basicConfig(level=logging.INFO)
context = ssl.create_default_context(
cafile = '/rabbitmq-config/rabbitmq-cert/ca_certificate.pem'
)
context.load_cert_chain(
'/rabbitmq-config/rabbitmq-cert/client_certificate.pem',
'/rabbitmq-config/rabbitmq-cert/client_key.pem'
)
ssl_options = pika.SSLOptions(context, "localhost")
conn_params = pika.ConnectionParameters(
port = 7575,
ssl_options = ssl_options,
credentials = ExternalCredentials()
)
with pika.BlockingConnection(conn_params) as conn:
ch = conn.channel()
ch.queue_declare("foobar")
ch.basic_publish("", "foobar", "Hello, world!")
print(ch.basic_get("foobar"))
Your Python code is set up to do X509 certificate authentication (you're not using username/password but are using ExternalCredentials). However, you have not configured RabbitMQ to accept X509 certificates for authentication (docs).
The Pika docs need to be updated, so I opened this issue - https://github.com/pika/pika/issues/1413
You would probably get a hint of this if you look at the RabbitMQ log file at the time your Python client tries to connect.
In order to enable X509 certificate authentication, do the following:
rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl (docs)
Edit your rabbitmq.conf file and add the following section:
auth_mechanisms.1 = PLAIN
auth_mechanisms.1 = AMQPLAIN
auth_mechanisms.1 = EXTERNAL
Restart RabbitMQ
Add a password-less user that exactly matches the CN= value in your client certificate: rabbitmqctl add_user 'foobar, O=baz'. You can also get this value by attempting to connect after making the above changes. The failed auth attempt will be logged.
If you continue to have problems, I suggest asking on the mailing list as this is not a good forum for detailed analysis.
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
Related
I am using Python 3.7. I have a sockstunnel server running in docker mode, and today from the command-line I would like to have the client started and to talk to that tunnel server, but somehow it fails. here is my client code looks like:
import asyncio
...
def socks_tunnel_client(tunnel_host, tunnel_port, socks_host, ssl_ca_file, ssl_cert_file, ssl_key_file):
ssl_ctx_client = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
ssl_ctx_client.check_hostname = False
ssl_ctx_client.options |= (
ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION
)
ssl_ctx_client.set_ciphers("ECDHE-RSA-AES128-GCM-SHA256")
ssl_ctx_client.load_verify_locations(ssl_ca_file)
ssl_ctx_client.load_cert_chain(certfile=ssl_cert_file, keyfile=ssl_key_file)
loop = asyncio.get_event_loop()
# Each client connection will create a new protocol instance
coro_tunnel = loop.create_connection(
lambda: TunnelServer(is_server=False),
tunnel_host,
tunnel_port,
ssl=ssl_ctx_client,
)
loop.run_until_complete(coro_tunnel)
...
I have provided an ssl_ca_file file to make that client call. and when it is to step at line of "loop.run_until_complete(coro_tunnel)", it fails with such messages:
loop.run_until_complete(coro_tunnel)
File "/usr/lib/python3.7/asyncio/base_events.py", line 587, in run_until_complete
return future.result()
File "/usr/lib/python3.7/asyncio/base_events.py", line 989, in create_connection
ssl_handshake_timeout=ssl_handshake_timeout)
File "/usr/lib/python3.7/asyncio/base_events.py", line 1017, in _create_connection_transport
await waiter
File "/usr/lib/python3.7/asyncio/sslproto.py", line 530, in data_received
ssldata, appdata = self._sslpipe.feed_ssldata(data)
File "/usr/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
self._sslobj.do_handshake()
File "/usr/lib/python3.7/ssl.py", line 774, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)
So my questions:
What does that mean, and how to solve that issue ?
"IF" the provided ssl_ca_file not good enough,(I was told to use this file, but I am not 100% sure), is there a way to by-pass this checking ? Someone mentioned to set "ssl_verify=False" to work around, but I could not figure out how to make this happen.
Thanks a lot for the help.
Jack
I am trying to develop a python script to send an email using a GMail account and seem to be encountering an SSL Certificate issue. I have enabled the option to let less secure apps access my gmail account. Could anyone please help me to identify what I am doing wrong as I am getting this error:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997) - Detailed stack trace is below.
import smtplib, ssl
class Mail:
def __init__(self):
self.port = 465
self.smtp_server_domain_name = "smtp.gmail.com"
self.sender_mail = "some.email#gmail.com"
self.password = "Password#123"
def send(self, emails, subject, content):
ssl_context = ssl.create_default_context()
service = smtplib.SMTP_SSL(self.smtp_server_domain_name, self.port, context=ssl_context)
service.login(self.sender_mail, self.password)
for email in emails:
result = service.sendmail(self.sender_mail, email, f"Subject: {subject}\n{content}")
service.quit()
if __name__ == '__main__':
mails = input("Enter emails: ").split()
subject = input("Enter subject: ")
content = input("Enter content: ")
mail = Mail()
mail.send(mails, subject, content)
Stacktrace is below:
Traceback (most recent call last):
File "/Users/prashanth/PycharmProjects/pythonTools/Mail.py", line 29, in <module>
mail.send(mails, subject, content)
File "/Users/prashanth/PycharmProjects/pythonTools/Mail.py", line 14, in send
service = smtplib.SMTP_SSL(self.smtp_server_domain_name, self.port, context=ssl_context)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/smtplib.py", line 1050, in __init__
SMTP.__init__(self, host, port, local_hostname, timeout,
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/smtplib.py", line 255, in __init__
(code, msg) = self.connect(host, port)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/smtplib.py", line 341, in connect
self.sock = self._get_socket(host, port, self.timeout)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/smtplib.py", line 1057, in _get_socket
new_socket = self.context.wrap_socket(new_socket,
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 512, in wrap_socket
return self.sslsocket_class._create(
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1070, in _create
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1341, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)
Process finished with exit code 1
My Environment:
MacOS Big Sur 11.6.5
Python : 3.10
My code:
from telethon import TelegramClient, connection
import logging
logging.basicConfig(format='[%(levelname) 5s/%(asctime)s] %(name)s: %(message)s',
level=logging.DEBUG)
api_id = 1234567
api_hash = '1234567890abcdef1234567890abcdef'
client = TelegramClient('anon', api_id, api_hash)
client.start()
I'm trying to connect to telegram via a telethon, but I always get this error:
[DEBUG/2020-06-05 11:40:42,860] asyncio: Using selector: SelectSelector
[ INFO/2020-06-05 11:40:43,006] telethon.network.mtprotosender: Connecting to 1.1.1.1:111/TcpFull...
[DEBUG/2020-06-05 11:40:43,009] telethon.network.mtprotosender: Connection attempt 1...
[WARNING/2020-06-05 11:40:53,011] telethon.network.mtprotosender: Attempt 1 at connecting failed: TimeoutError:
[DEBUG/2020-06-05 11:40:54,024] telethon.network.mtprotosender: Connection attempt 2...
[WARNING/2020-06-05 11:41:04,026] telethon.network.mtprotosender: Attempt 2 at connecting failed: TimeoutError:
[DEBUG/2020-06-05 11:41:05,059] telethon.network.mtprotosender: Connection attempt 3...
[WARNING/2020-06-05 11:41:15,061] telethon.network.mtprotosender: Attempt 3 at connecting failed: TimeoutError:
[DEBUG/2020-06-05 11:41:16,084] telethon.network.mtprotosender: Connection attempt 4...
[WARNING/2020-06-05 11:41:26,086] telethon.network.mtprotosender: Attempt 4 at connecting failed: TimeoutError:
[DEBUG/2020-06-05 11:41:27,088] telethon.network.mtprotosender: Connection attempt 5...
[WARNING/2020-06-05 11:41:37,076] telethon.network.mtprotosender: Attempt 5 at connecting failed: TimeoutError:
[DEBUG/2020-06-05 11:41:38,079] telethon.network.mtprotosender: Connection attempt 6...
[WARNING/2020-06-05 11:41:48,093] telethon.network.mtprotosender: Attempt 6 at connecting failed: TimeoutError:
Traceback (most recent call last):
File "C:\Users\xxx\AppData\Local\Programs\Python\Python37-32\cfc.py", line 11, in
client.start()
File "C:\Users\xxx\AppData\Roaming\Python\Python37\site-packages\telethon\client\auth.py", line 132, in start
else self.loop.run_until_complete(coro)
File "C:\Users\xxx\AppData\Local\Programs\Python\Python37-32\lib\asyncio\base_events.py", line 579, in run_until_complete
return future.result()
File "C:\Users\xxx\AppData\Roaming\Python\Python37\site-packages\telethon\client\auth.py", line 139, in _start
await self.connect()
File "C:\Users\xxx\AppData\Roaming\Python\Python37\site-packages\telethon\client\telegrambaseclient.py", line 478, in connect
proxy=self._proxy
File "C:\Users\xxx\AppData\Roaming\Python\Python37\site-packages\telethon\network\mtprotosender.py", line 125, in connect
await self._connect()
File "C:\Users\xxx\AppData\Roaming\Python\Python37\site-packages\telethon\network\mtprotosender.py", line 250, in _connect
raise ConnectionError('Connection to Telegram failed {} time(s)'.format(self._retries))
ConnectionError: Connection to Telegram failed 5 time(s)
to whom may concern! you need to add a proxy parameter to your TelegramClient
import socks
proxy = (socks.SOCKS5, 'your socks proxy IP', 'your socks proxy port')
TelegramClient(proxy=proxy, 'add other required arguments')
Hello I am trying to create a testbucket on a Ceph Raspberry Pi cluster(local) and I get the following error message:
OS:Debian Jessie
Ceph: v12.2.12 Luminous
s3cmd:2.0.2
[ceph_deploy.rgw][INFO ] The Ceph Object Gateway (RGW) is now running on host admin and default port 7480
./s3cmd --debug mb s3://testbucket
Debug Message:
DEBUG: Unicodising 'mb' using UTF-8
DEBUG: Unicodising 's3://testbucket' using UTF-8
DEBUG: Command: mb
DEBUG: CreateRequest: resource[uri]=/
DEBUG: Using signature v2
DEBUG: SignHeaders: u'PUT\n\n\n\nx-amz-date:Wed, 15 Jan 2020 02:28:25 +0000\n/testbucket/'
DEBUG: Processing request, please wait...
DEBUG: get_hostname(testbucket): 192.168.178.50:7480
DEBUG: ConnMan.get(): creating new connection: http://192.168.178.50:7480
DEBUG: non-proxied HTTPConnection(192.168.178.50, 7480)
DEBUG: Response:
DEBUG: Unicodising './s3cmd' using UTF-8
DEBUG: Unicodising '--debug' using UTF-8
DEBUG: Unicodising 'mb' using UTF-8
DEBUG: Unicodising 's3://testbucket' using UTF-8
Invoked as: ./s3cmd --debug mb s3://testbucket
Problem: error: [Errno 111] Connection refused
S3cmd: 2.0.2
python: 2.7.17 (default, Oct 19 2019, 23:36:22)
[GCC 9.2.1 20190909]
environment LANG=en_GB.UTF-8
Traceback (most recent call last):
File "./s3cmd", line 3092, in <module>
rc = main()
File "./s3cmd", line 3001, in main
rc = cmd_func(args)
File "./s3cmd", line 237, in cmd_bucket_create
response = s3.bucket_create(uri.bucket(), cfg.bucket_location)
File "/home/cephuser/s3cmd-2.0.2/S3/S3.py", line 398, in bucket_create
response = self.send_request(request)
File "/home/cephuser/s3cmd-2.0.2/S3/S3.py", line 1258, in send_request
conn = ConnMan.get(self.get_hostname(resource['bucket']))
File "/home/cephuser/s3cmd-2.0.2/S3/ConnMan.py", line 253, in get
conn.c.connect()
File "/usr/lib/python2.7/httplib.py", line 831, in connect
self.timeout, self.source_address)
File "/usr/lib/python2.7/socket.py", line 575, in create_connection
raise err
error: [Errno 111] Connection refused
Does anyone know about the error ?
Solution:
Ceph-rgw Service stop automatically after installation
After my gateway was permanently available I could create a testbucket with s3cmd
I am new to the ssl and stuff, I have generated the self signed certificates using openssl.
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -out certificate.pem
Where Server has the following Code.
if __name__ == "__main__":
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.load_cert_chain("/home/rootkit/ssl/certificate.pem",
"/home/rootkit/ssl/key.pem")
http_server = tornado.httpserver.HTTPServer(Application(), ssl_options=context)
#
# http_server = tornado.httpserver.HTTPServer(Application(), ssl_options={
# 'certfile': '/home/rootkit/ssl/certificate.pem',
# 'keyfile': '/home/rootkit/ssl/key.pem',
# })
http_server.listen(8888)
tornado.ioloop.IOLoop.current().start()
When I access the url from chrome it just give the exception because it is not signed by any authority so I proceed it as unsafe.
But if I see the traffic via wireshark it shows the encrypted traffic.
But when I tried to connect with the Tornado Client it throws the following error.
WARNING:tornado.general:SSL Error on 6 ('127.0.0.1', 8888): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
ERROR:tornado.application:Exception in callback functools.partial(<function wrap.<locals>.null_wrapper at 0xb72e514c>, <Task finished coro=<check_status() done, defined at /home/rootkit/PycharmProjects/websocketserver/file_upload/websocketclient.py:82> exception=SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)')>)
Traceback (most recent call last):
File "/home/rootkit/.local/lib/python3.5/site-packages/tornado/ioloop.py", line 758, in _run_callback
ret = callback()
File "/home/rootkit/.local/lib/python3.5/site-packages/tornado/stack_context.py", line 300, in null_wrapper
return fn(*args, **kwargs)
File "/home/rootkit/.local/lib/python3.5/site-packages/tornado/ioloop.py", line 779, in _discard_future_result
future.result()
File "/usr/lib/python3.5/asyncio/futures.py", line 274, in result
raise self._exception
File "/usr/lib/python3.5/asyncio/tasks.py", line 241, in _step
result = coro.throw(exc)
File "/home/rootkit/PycharmProjects/websocketserver/file_upload/websocketclient.py", line 89, in check_status
param = await client.fetch(request)
File "/usr/lib/python3.5/asyncio/futures.py", line 361, in __iter__
yield self # This tells Task to wait for completion.
File "/usr/lib/python3.5/asyncio/tasks.py", line 296, in _wakeup
future.result()
File "/usr/lib/python3.5/asyncio/futures.py", line 274, in result
raise self._exception
File "/home/rootkit/.local/lib/python3.5/site-packages/tornado/simple_httpclient.py", line 272, in run
max_buffer_size=self.max_buffer_size)
File "/home/rootkit/.local/lib/python3.5/site-packages/tornado/gen.py", line 1133, in run
value = future.result()
File "/usr/lib/python3.5/asyncio/futures.py", line 274, in result
raise self._exception
File "/home/rootkit/.local/lib/python3.5/site-packages/tornado/gen.py", line 1141, in run
yielded = self.gen.throw(*exc_info)
File "/home/rootkit/.local/lib/python3.5/site-packages/tornado/tcpclient.py", line 242, in connect
server_hostname=host)
File "/home/rootkit/.local/lib/python3.5/site-packages/tornado/gen.py", line 1133, in run
value = future.result()
File "/usr/lib/python3.5/asyncio/futures.py", line 274, in result
raise self._exception
File "/home/rootkit/.local/lib/python3.5/site-packages/tornado/iostream.py", line 1501, in _do_ssl_handshake
self.socket.do_handshake()
File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
Here is the Client code.
async def check_status():
url = "https://127.0.0.1:8888/"
request = httpclient.HTTPRequest(url=url,
method="GET",
client_key="/home/rootkit/client.key",
client_cert="/home/rootkit/ssl/client.pem")
client = httpclient.AsyncHTTPClient()
param = await client.fetch(request)
print(param)
I have generated the client certificates using the came command I used for the server.
What could be the possible issue.
What I am missing ?
I got the answer from the github repo that is,
The "client" certificate is a totally different thing: a way for the server to authenticate the client, so called "mutual authentication". It does nothing in this case because the server is not set up to check the client's certificate. It does not cause the client to skip validation of the server's certificate. To do that like you do for chrome, use validate_cert=False.
(standard disclaimer that you need to make sure that you don't accidentally leave validate_cert=False in when this code makes it into some real-world product or service)
So I just need to remove the client side validation of the certificate.
For "real production use" you probably want to generate a real trusted server certificate for your real dns domain, for example with "Let's Encrypt".
validate_cert=False will encrypt the traffic but not validate the certificate ?
So I changed my client to
async def check_status():
url = "https://127.0.0.1:8888/"
request = httpclient.HTTPRequest(url=url,
method="GET",
validate_cert=False)
client = httpclient.AsyncHTTPClient()
param = await client.fetch(request)
print(param.body)