SSL Certificate cannot be verified (Python/ESG data)

jacopo.pecci

I am running a Python script to get the ESG data (see code below). There is an issue with the validation of the SSL certificate.
If I disable the verification of the certificate in the "request.get(...)" it works fine otherwise I get the exception below.

Is the certificate supposed to be valid? if yes, which authority signed it?

endpoint = "https://api.refinitiv.com/data/environmental-social-governance/v1/views/scores-full"
params = {'universe': self.ric}
data = requests.get(endpoint,
		headers={'Authorization': 'Bearer {}'.format(access_token)},                    	params=params,                    
		verify=True)     

The exception I am getting is:

Traceback (most recent call last):  File "\\ms\dist\python\PROJ\luigi\2.8.3\lib\luigi\worker.py", line 199, in run    new_deps = self._run_get_new_deps()  File "\\ms\dist\python\PROJ\luigi\2.8.3\lib\luigi\worker.py", line 139, in _run_get_new_deps    task_gen = self.task.run()  File "C:/Users/jacopop/git_repos/dznode.ist/dznode/data/providers/refinitiv/esg/luigi/download_data.py", line 129, in run    df = fetch_external_data(endpoint, access_token, self._get_http_request_params())  File "C:/Users/jacopop/git_repos/dznode.ist/dznode/data/providers/refinitiv/esg/luigi/download_data.py", line 38, in fetch_external_data    verify=True)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\api.py", line 75, in get    return request('get', url, params=params, **kwargs)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\api.py", line 60, in request    return session.request(method=method, url=url, **kwargs)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\sessions.py", line 533, in request    resp = self.send(prep, **send_kwargs)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\sessions.py", line 646, in send    r = adapter.send(request, **kwargs)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\adapters.py", line 514, in send    raise SSLError(e, request=request)requests.exceptions.SSLError: HTTPSConnectionPool(host='api.refinitiv.com', port=443): Max retries exceeded with url: /data/environmental-social-governance/v1/views/scores-full?universe=0019.HK (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))2019-11-08 16:02:33 ERROR worker[18368|924] run(218): [pid 18368] Worker Worker(salt=636252089, workers=1, host=CQDPW224785IT, username=jacopop, pid=18368) failed    RicBasedDownloadTask(date=2019-11-06, dataset_id=refinitiv/esg/Scores, ric=0019.HK)Traceback (most recent call last):  File "\\ms\dist\python\PROJ\urllib3\1.25.5\lib\urllib3\contrib\pyopenssl.py", line 485, in wrap_socket    cnx.do_handshake()  File "\\ms\dist\python\PROJ\OpenSSL\18.0.0\lib\OpenSSL\SSL.py", line 1907, in do_handshake    self._raise_ssl_error(self._ssl, result)  File "\\ms\dist\python\PROJ\OpenSSL\18.0.0\lib\OpenSSL\SSL.py", line 1639, in _raise_ssl_error    _raise_current_error()  File "\\ms\dist\python\PROJ\OpenSSL\18.0.0\lib\OpenSSL\_util.py", line 54, in exception_from_error_queue    raise exception_type(errors)OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

Gurpreet

Hi @jacopo.pecci The certificate is valid and signed by COMODO RSA Certification Authority and works with python.

Certificate chain
 0 s:/C=US/postalCode=10036/ST=NY/L=New York/street=3 Times Square/O=Thomson Reuters Inc/OU=EDS Request Response/CN=api.refinitiv.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
 1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority

Try using the esgViews.py sample provided in the downloads section in tutorials.

>>python esgViews.py
Optional arguments:
  -1 Basic View <default>
  -2 Standard Measures
  -3 Full Measures
  -4 Standard Scores
  -5 Full Scores
Getting OAuth access token...
Reading the token from: token.txt
Invoking data request for: TRI.N
Resource access successful
instrument, periodenddate, TR.CSRReportingScope, TR.ESGPeriodLastUpdateDate, TR.CO2EmissionTotal, TR.WomenManagers, TR.A
vgTrainingHours
---------------
TRI.N, 2018-12-31, 100, 2019-10-11T00:00:00, 102300, 40, 19.4

If you are still having issues, ensure that you are on latest version of python and requests and that a firewall isn't re-signing your https request.