For a deeper look into our Elektron API, look into:

Overview |  Quickstart |  Documentation |  Downloads |  Tutorials |  Articles

question

Upvotes
Accepted
7 1 0 2

SSL: CERTIFICATE_VERIFY_FAILED for websocket API

Trying to access Real Time Optimized via Websocket API and ran into SSL: CERTIFICATE_VERIFY_FAILED.

Below is the console log / error log for the same.

/usr/local/bin/python3.9 /Users/XXXXX/PycharmProjects/Refiniiv-websocket-api/Applications/Examples/RDP/python/market_price_rdpgw_authentication.py
Sending authentication request with password to https://api.refinitiv.com:443/auth/oauth2/v1/token ...
Refinitiv Data Platform Authentication succeeded. RECEIVED:
{
"access_token":"eyJ0eXAiOi...Om65YA",
"expires_in":"600",
"refresh_token":"ced8c956-7527-46b7-bf35-6e1d4a4f1a16",
"scope":"trapi.streaming.pricing.read",
"token_type":"Bearer"
}
Connecting to WebSocket wss://us-east-1-aws-1-sm.optimized-pricing-api.refinitiv.net:443/WebSocket ...
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)
WebSocket Closed


Also ran the "market_price_rdpgw_service_discovery.py" : getting the same error across all end points

Please let me know on the next steps to resolve this issue.

#technologywebsocketsrrto
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvote
Accepted
62k 173 45 65

@changyao.yeo

The certificate of that server is issued by Sectigo and it is a valid certificate.

1678442952243.png

However, this certificate may be intercepted by the client's proxy or firewall. Therefore, the client should contact the IT or network support team to verify the settings on a client's proxy or firewall server.


1678442952243.png (120.5 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Jirapongse @wasin.w Thank you!
Upvotes
62k 173 45 65

@changyao.yeo

Thanks for reaching out to us.

If you run the application on the company's machine, the problem could be from Zscaler.

You may need to contact the Zscaler team to whitelist this server. Otherwise, you can try to disable the SSL check for the WebSocket connection.

I found the following solution on StackOverflow.

import ssl
... 

 wst = threading.Thread(target=self.web_socket_app.run_forever, kwargs={'sslopt': {'check_hostname': False,"cert_reqs": ssl.CERT_NONE}})

I am unable to test it because I can run the application properly on my machine.

I hope that this information is of help.


icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thanks Jirapongse.

Apologies, this is on behalf of client so it's run on an external machine and the problem is likely not from Zscaler.


Besides disabling SSL check for the WebSocket connection, is there anything else client can try.

Upvotes
18.9k 37 12 12

Hello @changyao.yeo

You may update the Zscaler policy first by opening the Zscaler program --> clicking "More" --> then clicking the "Update policy" button as follows:

zscaler-pic.png

If the problem still persists, please contact the Zscaler team as suggested by my colleague.

In the meantime, you can use the workaround as suggested by @Jirapongse.


zscaler-pic.png (27.2 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.