Connecting to %s using SSL with verify_certs=False is insecure

Here is my python code for connecting to Elasticsearch:

from elasticsearch import Elasticsearch

es = Elasticsearch([HOST], http_auth = (str(USERNAME), str(PASSWORD)), scheme = "https", port=443)

Error:
/usr/local/lib/python3.6/dist-packages/elasticsearch/connection/http_urllib3.py:54: UserWarning: Connecting to <my_url>.aws.found.io using SSL with verify_certs=False is insecure.
'Connecting to %s using SSL with verify_certs=False is insecure.' % host)

The connection used to work, but not anymore.

More information:
es.info() returns:

{'cluster_name': '<cluster_name>',
 'cluster_uuid': '<cluster_uuid>',
 'name': '<instance_name>,
 'tagline': 'You Know, for Search',
 'version': {'build_date': '2019-09-06T14:40:30.409026Z',
  'build_flavor': 'default',
  'build_hash': '<build_hash>',
  'build_snapshot': False,
  'build_type': 'tar',
  'lucene_version': '8.1.0',
  'minimum_index_compatibility_version': '6.0.0-beta1',
  'minimum_wire_compatibility_version': '6.8.0',
  'number': '7.3.2'}}

Python3 --version = 3.6.8
pip3 --version = pip 9.0.1 from /usr/local/lib/python3.6/dist-packages (python 3.6)

Update:

I also tried this:

from elasticsearch import Elasticsearch
es = Elasticsearch([HOST], 
	http_auth = (str(USERNAME), str(PASSWORD)),
	scheme = "https", port=443, use_ssl=True,
	verify_certs=True, 		# no verify SSL certificates
	ssl_show_warn=False) 	# don't show warnings about ssl certs verification

It didn't return me any warning, but then when I try to perform a search I get this problem:

query = '{"query": {"bool": {"must": [{"match": {"message": "exception"}}, {"match": {"cloudwatch_logs.log_group": "/aws/lambda/*"}}], "filter": {"range": {"@timestamp": {"from": "now-6h/h", "to": "now"}}}}}}'
index = 'cloudwatch-prod-2019-11'
es.search(index = index, body = query, size = 10000)

Error:

GET <my_url>/cloudwatch-prod-2019-11/_search?size=100 [status:N/A request:0.110s]
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326, in connect
    ssl_context=context)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 332, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

From the python traceback the problem in ssl verification which makes your script fails, reconfigure "verify_certs" with False and it should be fix your problem.

It still had certificate issues. The fix was using certifi according to this link https://github.com/elastic/elasticsearch-py/issues/669

Code:

import certifi
es = Elasticsearch([HOST],http_auth = (str(USERNAME), str(PASSWORD)),
          scheme = "https", port = 443, maxsize = 5,
          use_ssl=True, ca_certs=certifi.where())

I'm using:

requirements.txt:

pandas==0.24.2
botocore==1.12.42
pytz==2018.5
boto3==1.9.42
certifi==2019.03.09
six==1.12.0
urllib3==1.22
pip==9.0.1
1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.