当我运行命令 aws s3 ls
我收到此错误:
SSL validation failed for https://s3.zonename.amazonaws.com/ [SSL: CERTIFICATE_
VERIFY_FAILED] certificate verify failed (_ssl.c:749)
--no-verify-ssl
可以正常工作我怎样才能使它与 ssl 验证一起工作?
aws s3 ls --debug
登录如下:
Traceback (most recent call last):
File "C:\Program Files\Amazon\AWSCLI\runtime\lib\site-packages\urllib3\connect
ionpool.py", line 594, in urlopen
self._prepare_proxy(conn)
File "C:\Program Files\Amazon\AWSCLI\runtime\lib\site-packages\urllib3\connect
ionpool.py", line 805, in _prepare_proxy
conn.connect()
File "C:\Program Files\Amazon\AWSCLI\runtime\lib\site-packages\urllib3\connect
ion.py", line 344, in connect
ssl_context=context)
File "C:\Program Files\Amazon\AWSCLI\runtime\lib\site-packages\urllib3\util\ss
l_.py", line 344, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "ssl.py", line 401, in wrap_socket
File "ssl.py", line 808, in __init__
File "ssl.py", line 1061, in do_handshake
File "ssl.py", line 683, in do_handshake
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c
:749)
最佳答案
这里的问题不是使用代理本身(AWS CLI 通过设置例如 HTTPS_PROXY 环境变量来允许这样做),而是 AWS CLI 客户端不信任代理的证书。代理的证书可能是自签名的,您的公司设置为 CA(认证机构)。 AWS CLI 客户端在本地系统的 CA 注册表中找不到您公司的 CA 根证书,因此无法验证代理的证书并发出 CERTIFICATE_VERIFY_FAILED
错误。
为了解决这个问题,我们可以通过 --ca-bundle 将公司的根证书(例如 company-root-ca.pem
)传递给 AWS CLI 客户端命令参数(或通过 AWS_CA_BUNDLE
环境变量或配置文件):
$ export HTTPS_PROXY=<host>:<port>
$ aws s3 ls --ca-bundle /path/to/company-root-ca.pem
关于python - https ://s3. zoneame.amazonaws.com/的 SSL 验证失败 [SSL : CERTIFICATE_ VERIFY_FAILED] certificate verify failed (_ssl. c:749),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54689099/