Facing Error - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Facing Error - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)

L1 Bithead

Hi Team, 

 

I'm facing [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618) error while running my small script. 

 

Can someone please help for the same.

 

Code : 

 

---
namePalo Alto LRS Check
  hosts"{{req_host}}"
  connectionlocal
  # gather_facts: False

  roles:
    - rolePaloAltoNetworks.paloaltonetworks

  vars:
    fw:
      ip_address'{{ host_ip }}'
      username'{{ amuser }}'
      password'{{ ampass }}'
  
  tasks:
    - nameGrab credentials from ansible-vault
      include_vars'prodpass.yml'
      no_log'yes'

    - nameCheck For Long Running Sessions
      panos_op:
        provider'{{ fw }}'
        cmd'<show><session><all><filter><min-age>86400</min-age></filter></all></session></show>'
        cmd_is_xmlTrue
        validate_certsfalse
      registerresult
      

    - nameOutput list of sessions to file
      template:
        srcsession_report.j2
        dest'{{ host_ip}}-{{ ansible_date_time.iso8601 }}-session_report.txt'
      vars:
        sessions'{{ (result.stdout | from_json).response.result.entry }}'

    - nameDisplay output file
      debugmsg="{{lookup('file', "{{ host_ip}}-{{ ansible_date_time.iso8601 }}-session_report.txt")}}"
2 REPLIES 2

Cyber Elite
Cyber Elite

Try setting the "validate_certs" to "no" as for some reason Ansible checks the Palo Alto cert. Also upgrade to the latest version of ansible.

 

 

Also increase the verbosity with "-vvvv" to see better the error message and to google it.  EXAMPLE:  ansible-playbook 'playbook_name '-vvvv

Hello @nikoolayy1 , 

 

thanks for suggestions, I tried it already but it didn't help as it belong to uri module and here I'm using palo's provided module. 

 

Well, this issue belongs to ansible itself as ansible is not able to verify the certificate received from the client. I'm still to find out the actual root cause but we can disable this checks by adding below environment to playbook which will exclude the cert verification.

 

 
  environment:
    PYTHONHTTPSVERIFY0
    
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!