SSL Certificate cannot be verified (Python/ESG data)

I am running a Python script to get the ESG data (see code below). There is an issue with the validation of the SSL certificate.
If I disable the verification of the certificate in the "request.get(...)" it works fine otherwise I get the exception below.

Is the certificate supposed to be valid? if yes, which authority signed it?

endpoint = "https://api.refinitiv.com/data/environmental-social-governance/v1/views/scores-full"
params = {'universe': self.ric}
data = requests.get(endpoint,
headers={'Authorization': 'Bearer {}'.format(access_token)},                    params=params,                   
verify=True)     

The exception I am getting is:


Traceback (most recent call last):  File "\\ms\dist\python\PROJ\luigi\2.8.3\lib\luigi\worker.py", line 199, in run    new_deps = self._run_get_new_deps()  File "\\ms\dist\python\PROJ\luigi\2.8.3\lib\luigi\worker.py", line 139, in _run_get_new_deps    task_gen = self.task.run()  File "C:/Users/jacopop/git_repos/dznode.ist/dznode/data/providers/refinitiv/esg/luigi/download_data.py", line 129, in run    df = fetch_external_data(endpoint, access_token, self._get_http_request_params())  File "C:/Users/jacopop/git_repos/dznode.ist/dznode/data/providers/refinitiv/esg/luigi/download_data.py", line 38, in fetch_external_data    verify=True)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\api.py", line 75, in get    return request('get', url, params=params, **kwargs)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\api.py", line 60, in request    return session.request(method=method, url=url, **kwargs)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\sessions.py", line 533, in request    resp = self.send(prep, **send_kwargs)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\sessions.py", line 646, in send    r = adapter.send(request, **kwargs)  File "\\ms\dist\python\PROJ\requests\2.22.0\lib\requests\adapters.py", line 514, in send    raise SSLError(e, request=request)requests.exceptions.SSLError: HTTPSConnectionPool(host='api.refinitiv.com', port=443): Max retries exceeded with url: /data/environmental-social-governance/v1/views/scores-full?universe=0019.HK (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))2019-11-08 16:02:33 ERROR worker[18368|924] run(218): [pid 18368] Worker Worker(salt=636252089, workers=1, host=CQDPW224785IT, username=jacopop, pid=18368) failed    RicBasedDownloadTask(date=2019-11-06, dataset_id=refinitiv/esg/Scores, ric=0019.HK)Traceback (most recent call last):  File "\\ms\dist\python\PROJ\urllib3\1.25.5\lib\urllib3\contrib\pyopenssl.py", line 485, in wrap_socket    cnx.do_handshake()  File "\\ms\dist\python\PROJ\OpenSSL\18.0.0\lib\OpenSSL\SSL.py", line 1907, in do_handshake    self._raise_ssl_error(self._ssl, result)  File "\\ms\dist\python\PROJ\OpenSSL\18.0.0\lib\OpenSSL\SSL.py", line 1639, in _raise_ssl_error    _raise_current_error()  File "\\ms\dist\python\PROJ\OpenSSL\18.0.0\lib\OpenSSL\_util.py", line 54, in exception_from_error_queue    raise exception_type(errors)OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

Best Answer

  • Gurpreet
    Gurpreet admin
    Answer ✓

    Hi @jacopo.pecci The certificate is valid and signed by COMODO RSA Certification Authority and works with python.

    Certificate chain
    0 s:/C=US/postalCode=10036/ST=NY/L=New York/street=3 Times Square/O=Thomson Reuters Inc/OU=EDS Request Response/CN=api.refinitiv.com
    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
    1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    3 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority

    Try using the esgViews.py sample provided in the downloads section in tutorials.

    >>python esgViews.py
    Optional arguments:
    -1 Basic View <default>
    -2 Standard Measures
    -3 Full Measures
    -4 Standard Scores
    -5 Full Scores
    Getting OAuth access token...
    Reading the token from: token.txt
    Invoking data request for: TRI.N
    Resource access successful
    instrument, periodenddate, TR.CSRReportingScope, TR.ESGPeriodLastUpdateDate, TR.CO2EmissionTotal, TR.WomenManagers, TR.A
    vgTrainingHours
    ---------------
    TRI.N, 2018-12-31, 100, 2019-10-11T00:00:00, 102300, 40, 19.4

    If you are still having issues, ensure that you are on latest version of python and requests and that a firewall isn't re-signing your https request.

Welcome!

It looks like you're new here. Sign in or register to get started.

Welcome!

It looks like you're new here. Sign in or register to get started.