dbiswas91
Contributor

How to configure SSL on the system so that I can use the SSL option in pyvmomi or the Python vSphere SDK 8.0

This script is from pyvmomi.

*********************************************

# python3 getallvms.py -s xxxxx -u root -p xxxxx
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)
Unable to connect to host with supplied credentials

Below is the script I have used to run.

[serverX] [vsphere-automation-sdk-python-master]# cat try.py
import requests
import urllib3
from vmware.vapi.vsphere.client import create_vsphere_client
session = requests.session()

# Disable cert verification for demo purpose. 
# This is not recommended in a production environment.
#session.verify = False

# Disable the secure connection warning for demo purpose.
# This is not recommended in a production environment.
#urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Connect to a vCenter Server using username and password
vsphere_client = create_vsphere_client(server='x.x.x.x', username='administrator@vsphere.local', password='xxxx', session=session)

# List all VMs inside the vCenter Server
ab=vsphere_client.vcenter.VM.list()
print(ab)
Traceback (most recent call last):
  File "/root/vsphere-automation-sdk-python-master/try.py", line 15, in <module>
    vsphere_client = create_vsphere_client(server='x.x.x.x', username='administrator@vsphere.local', password='xxxx', session=session)
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/vsphere/client.py", line 173, in create_vsphere_client
    return VsphereClient(session=session, server=server, username=username,
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/vsphere/client.py", line 116, in __init__
    session_id = session_svc.create()
  File "/usr/local/lib/python3.9/site-packages/com/vmware/cis_client.py", line 201, in create
    return self._invoke('create', None)
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/bindings/stub.py", line 345, in _invoke
    return self._api_interface.native_invoke(ctx, _method_name, kwargs)
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/bindings/stub.py", line 266, in native_invoke
    method_result = self.invoke(ctx, method_id, data_val)
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/bindings/stub.py", line 199, in invoke
    return self._api_provider.invoke(self._iface_id.get_name(),
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/security/client/security_context_filter.py", line 101, in invoke
    method_result = ApiProviderFilter.invoke(
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/provider/filter.py", line 75, in invoke
    method_result = self.next_provider.invoke(
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/protocol/client/msg/json_connector.py", line 79, in invoke
    response = self._do_request(VAPI_INVOKE, ctx, params)
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/protocol/client/msg/json_connector.py", line 120, in _do_request
    http_response = self.http_provider.do_request(
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/protocol/client/rpc/requests_provider.py", line 95, in do_request
    output = self._session.request(
  File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 529, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 645, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='x,x,x,x', port=443): Max retries exceeded with url: /api (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

Let me know the exact steps to enable SSL for the Python SDK or pyvmomi.

0 Kudos
doskiran
Enthusiast

Steps for Linux:
-------------------
1) Download the crt file from vCenter.
i.e.,
Go to https://vCenter in your browser and press Enter.
At the bottom right of the page, there is an option to "Download trusted root CA certificates."
It will download the zip file, extract it, and then navigate to the "lin" folder, where it has the certificate file (i.e., "XXXXXXXX.0").

2) Copy the cert file and save it in the "/etc/ssl/certs" folder on your client machine.

3) Add the vCenter IP address and hostname entry to the /etc/hosts file (if there is any DNS resolution issue).

4) Run the Python program, but make sure to pass the vCenter hostname (FQDN) instead of the IP address in the code or command.
E.g., without any SSL context:

from pyVim.connect import SmartConnect
si = SmartConnect(host="<vCenter or ESXi hostname>", user="<username>", pwd='<password>', port=443)

0 Kudos
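
The trust setup from the steps above, as an added example that is not part of the original reply or of either SDK. It builds a verifying TLS context from the downloaded CA (a PEM file, or a directory holding the hashed `XXXXXXXX.0` file), maps OpenSSL verify codes such as the "unable to get local issuer certificate" error in the question to the step that fixes them, and passes the same trust to pyVmomi and to the Automation SDK. The function names, `FIXES` and `ca_path` are hypothetical.

```python
import os
import socket
import ssl

# OpenSSL verify codes (X509_V_ERR_*) mapped to the step of the answer that fixes them.
FIXES = {
    20: "issuer unknown: install the vCenter root CA (steps 1-2) or pass it as ca_path",
    19: "self-signed CA in chain is not trusted: install that root CA (steps 1-2)",
    18: "server certificate is self-signed: trust that exact certificate via ca_path",
    62: "hostname mismatch: connect by the FQDN in the certificate (steps 3-4)",
    64: "IP address not in certificate: connect by FQDN instead of IP (steps 3-4)",
}

def make_verified_context(ca_path=None):
    """Verifying context; ca_path is a PEM file, a hashed cert directory, or None."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    if ca_path is not None:
        if os.path.isdir(ca_path):
            ctx.load_verify_locations(capath=ca_path)  # e.g. dir holding XXXXXXXX.0
        else:
            ctx.load_verify_locations(cafile=ca_path)
    return ctx

def explain_failure(exc):
    """Translate a certificate verification error into the corrective step."""
    code = getattr(exc, "verify_code", None)
    return FIXES.get(code, f"unhandled verification error (code {code})")

def probe(host, ca_path=None, port=443, timeout=5):
    """Handshake only, no credentials sent. Returns 'ok' or the suggested fix."""
    ctx = make_verified_context(ca_path)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return explain_failure(exc)

def connect_pyvmomi(host, user, pwd, ca_path=None):
    from pyVim.connect import SmartConnect  # imported lazily: needs pyvmomi installed
    return SmartConnect(host=host, user=user, pwd=pwd, port=443,
                        sslContext=make_verified_context(ca_path))

def connect_automation_sdk(host, user, pwd, ca_path):
    import requests
    from vmware.vapi.vsphere.client import create_vsphere_client
    session = requests.session()
    session.verify = ca_path  # CA file or hashed directory, instead of verify=False
    return create_vsphere_client(server=host, username=user, password=pwd, session=session)
```

Running `probe()` against the host before either connect function shows whether the remaining problem is the CA (codes 18 to 20) or the name used to connect (codes 62 and 64), without sending a password.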
dbiswas91
Contributor

Thanks a lot, @doskiran, for the great help. What about the ESXi server? Where do I download the CA root certificate for the ESXi server?

0 Kudos
doskiran
Enthusiast

The same vCenter cert works for both VC/ESXi sessions.
One common way to download the cert is: click on the cert in your browser (in Chrome it's to the right of the address, says "Not secure"), then click the certification path, and click "CA" to export it into a crt file.

0 Kudos
dbiswas91
Contributor

But if ESXi is not connected to any vCenter, where should I get the certificate?

0 Kudos