SSL error when calling Domino model API

jiaqi_ling

Hi all, I was able to to publish the model API on Domino but when I called the model in Python Requests as suggested, it always raises a SSL error with certificate verify failed. And if I turn off the certificate verify, the request works just fine.

Does anyone know an easy solution so that I could call the model in a secured way? (Preferably without adding chain certificates or anything because it would be impossible to ask every end users to do that on their own)

Details attached. Thanks in advance!

Request:

response = requests.post("url",  auth=(…), json={ "data": {…}} , #verify=False)

Error:

SSLError: HTTPSConnectionPool(host='myhost', port=myport): Max retries exceeded with url: /models/……/latest/model (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

pankhuri.verma

Hi, To fix the "certificate verify failed" error when you call the model there are only 2 ways , as you have mentioned above -

1) To provide the certificate

2) to use verify=false option

https://stackoverflow.com/questions/27835619/urllib-and-ssl-certificate-verify-failed-error

I am not aware of any other way to resolve this issue.

One thing you can do is share the cacert.pem that has the relevant certificate chain with your users, using S3 bucket or something similar and then the users can use that when calling the model by putting that file under the root folder and use it as shown in the below example.

export REQUESTS_CA_BUNDLE='/mnt/cacert.pem'

Let me know if you have any issues.

pankhuri.verma

I don't have a lot of information around this but from what I have read from Google is that this happens due to outdated certs that come with Python. So when you call the Model , the browser sees these outdated certs and gives you the error. You can find more information around this from this article that I am referring to -

https://sectigostore.com/page/what-is-an-ssl-certificate_verify_failed-error-and-how-do-i-resolve-it/#:~:text=SSL%20certificate_verify_failed%20errors%20typically%20occur,using%20a%20valid%20SSL%20certificate.

jiaqi_ling

https://community.dominodatalab.com/discussion/comment/323#Comment_323

Thanks for your reply! Do you know the root cause for this? Is it because the model url I called on doesn't have a valid certificate? is this something Domino could fix?

pankhuri.verma

Hi, Sorry I missed your reply. The root cause for this issue is due to Python containing outdated certificates. There are 2 ways to resolve this -

1) Disable Certificate Verification ( not ideal but works )

2) Update the SSL certificate using -

 pip install --upgrade certifi

Do let me know if this answers your question