Posts: 15
Registered: ‎03-03-2017
Accepted Solution

SSL certification validation ignoring "-k" via python scripting

Dear Team,


I am trying to connect to cm api client with below python script.



import sys
from datetime import datetime, timedelta
from cm_api.api_client import ApiResource
cm_host = ""
cm_port = "7183"
cdh5 = None
cm_host = "<IP Address>"
api = ApiResource(cm_host, 7183, username=" ********", password="*********", use_tls=True)
for c in api.get_all_clusters():


I get below error

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/cm_api/", line 131, in get_all_clusters
return clusters.get_all_clusters(self, view)
File "/usr/lib/python2.7/site-packages/cm_api/endpoints/", line 66, in get_all_clusters
params=view and dict(view=view) or None)
File "/usr/lib/python2.7/site-packages/cm_api/endpoints/", line 139, in call
ret = method(path, params=params)
File "/usr/lib/python2.7/site-packages/cm_api/", line 110, in get
return self.invoke("GET", relpath, params)
File "/usr/lib/python2.7/site-packages/cm_api/", line 73, in invoke
File "/usr/lib/python2.7/site-packages/cm_api/", line 181, in execute
File "/usr/lib64/python2.7/", line 431, in open
response = self._open(req, data)
File "/usr/lib64/python2.7/", line 449, in _open
'_open', req)
File "/usr/lib64/python2.7/", line 409, in _call_chain
result = func(*args)
File "/usr/lib64/python2.7/", line 1258, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib64/python2.7/", line 1214, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)>


I can overrided above error with below command manually[-k]

curl -X post  -k -u userid:**** https://******************:7183/api/v19/clusters/ADH-DEVELOPMENT001/commands/stop


Now the problem statment is . I am not sure how to add -k option in python code basically don't know how to "Ignore SSL certification validation"



Thanks and Regards,

Naveen Srikanth D

Posts: 430
Registered: ‎07-01-2015

Re: SSL certification validation ignoring "-k" via python scripting


 you have to create an ssl_context before you open the connection and point it to the CA certificate:

import ssl

context = ssl.create_default_context(cafile=cmcertpath)
api = ApiResource( cm_host, '7183', username=username, password=password, use_tls=True, ssl_context=context)