SSL: CERTIFICATE_VERIFY_FAILED certificate verify failed: unable to get local issuer certificate (_ssl.c:1056) in Windows Container Python
Question:
Im running Python scripts inside a windows container and encounter the following error
ServiceRequestError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
I am using the following from azure.storage.blob import BlobServiceClient
Container Base Image — python3.7.2windows:ltsc2019-202302
Issue doesn’t happen on my local machine
What I have tried:
- used latest certifi package version
pip install --upgrade certifi
- Enabled Port 80 (TCP) , Port 443 (TCP) in the Azure Container Instance
Answers:
It turns out the Windows Container Image i used does not have the Trusted Root Certificates.
How i fixed it:
- On my local machine – Run MMC ( Microsoft Management Console). File>Add/Remove Snap In> Certificates
- Look for the certificate(s) that is related to the error
In my case i found it in the /Trusted Root Certification Authorities folder
- Export those certificate(s)( in my case i used .cer format) and added them in a folder inside my solution.
- The .cer files are then imported when building the windows container image
Here are the Dockerfile – Powershell commands that I used to import for both LocalMachine and CurrentUser Certificate Stores.
RUN Import-Certificate -FilePath "MySolutionCertificateFolderExportedCertificate.cer" -CertStoreLocation cert:LocalMachineRoot
RUN Import-Certificate -FilePath "MySolutionCertificateFolderExportedCertificate.cer" -CertStoreLocation cert:CurrentUserRoot
Im running Python scripts inside a windows container and encounter the following error
ServiceRequestError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
I am using the following from azure.storage.blob import BlobServiceClient
Container Base Image — python3.7.2windows:ltsc2019-202302
Issue doesn’t happen on my local machine
What I have tried:
- used latest certifi package version
pip install --upgrade certifi - Enabled Port 80 (TCP) , Port 443 (TCP) in the Azure Container Instance
It turns out the Windows Container Image i used does not have the Trusted Root Certificates.
How i fixed it:
- On my local machine – Run MMC ( Microsoft Management Console). File>Add/Remove Snap In> Certificates
- Look for the certificate(s) that is related to the error
In my case i found it in the /Trusted Root Certification Authorities folder - Export those certificate(s)( in my case i used .cer format) and added them in a folder inside my solution.
- The .cer files are then imported when building the windows container image
Here are the Dockerfile – Powershell commands that I used to import for both LocalMachine and CurrentUser Certificate Stores.
RUN Import-Certificate -FilePath "MySolutionCertificateFolderExportedCertificate.cer" -CertStoreLocation cert:LocalMachineRoot
RUN Import-Certificate -FilePath "MySolutionCertificateFolderExportedCertificate.cer" -CertStoreLocation cert:CurrentUserRoot