Else you will need to follow the steps mentioned in the following doc to fix the "certificate verify failed (_ssl.c" issue while using RHEL7: Controlling and troubleshooting certificate verification
The second option is safe as long as you do not want the certificate verification (or if you are in a test environment). Otherwise it is highly discouraged to disable it. The verify=disable setting ensures that the HTTPS certificate verification is disabled. You can verify the same using the sample code mentioned in the above link to see if it works at your end.
With the Python 2.7.9 release the default HTTPS behaviour has changed, which is now to always verify the remote HTTPS certificate to which you are initiating a connection.
In the Python 2.7.9 release notes you can read more about the changes that made it into this release of Python, and PEP 476 provides the technical details and rationale about this change.
CVE-2014-9365: The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.
I have got a suggestion that it's not a good idea to disable certificate verification in Python.
Sharing some more information from our investigation, just thinking it might help others:
We use AWS EC2.
With Python 2.7, JDK 1.8 and CentOS 7.2 there is no issue. Everything is smooth.
With Python 2.7, JDK 1.8 and CentOS 7.3 and CentOS 7.4 we are seeing this issue.
What I have reported here is with respect to CentOS 7.3; with CentOS 7.4 the issue is slightly different:
Certificate verification fails while adding nodes to the cluster itself.
Downgrading from CentOS 7.3 to 7.2 is not straightforward. And the AWS EC2 marketplace provides a CentOS 7.0 image, and when we create an instance from this image, it applies security and patch updates, resulting in CentOS 7.3.
We can create our own image of CentOS 7.3 from existing servers, but it's always good to be with the latest update for the OS for security reasons.
To finish it shortly, we have workarounds but not a solution yet 🙂 Thanks for your help.
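A defensive check for the situation discussed in this thread, added here as an example (it is not code from the thread or from the linked doc): it reports where HTTPS verification has been switched off, either by `verify=disable` in the config file or at runtime through the hook PEP 476 describes, and builds a verifying context that trusts an internal CA instead. It is written for Python 3 (`configparser`); the `[https]` section name follows the PEP 493 file format, which is an assumption not stated on this page, and the sample file content is constructed.

```python
import configparser
import ssl

# Constructed sample of a cert-verification config file (PEP 493 format, assumed).
SAMPLE_CFG = """\
[https]
verify=disable
"""

def config_setting(cfg_text):
    """Return the [https] verify value, or None if the file does not set it."""
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    return parser.get("https", "verify", fallback=None)

def context_verifies(ctx):
    """True only if the context checks both the certificate chain and the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def audit(cfg_text, ctx_factory=None):
    """Collect findings about where HTTPS verification is switched off."""
    # ssl._create_default_https_context is the hook named in PEP 476; the
    # stdlib HTTPS clients call it when the caller passes no context.
    factory = ctx_factory or ssl._create_default_https_context
    findings = []
    if config_setting(cfg_text) == "disable":
        findings.append("config: verify=disable")
    if factory is ssl._create_unverified_context:
        findings.append("runtime: default HTTPS context replaced by unverified one")
    if not context_verifies(factory()):
        findings.append("runtime: default HTTPS context does not verify")
    return findings

def verified_context(cafile=None):
    """Verifying context; cafile is an optional PEM bundle for an internal CA."""
    return ssl.create_default_context(cafile=cafile)

if __name__ == "__main__":
    for line in audit(SAMPLE_CFG) or ["HTTPS verification is enabled"]:
        print(line)
```

Passing the path of the cluster's CA bundle to `verified_context` keeps verification on for hosts with internally issued certificates, which avoids the `verify=disable` workaround.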