Knowledge Drop

Why do I get the error "certificate verify failed (Faraday::SSLError)" when using the API?

  • 7 July 2021
  • 0 replies
  • 1736 views

Userlevel 3
Badge

Last tested: Jun 15, 2018
 

This error message indicates that the SSL certificate used by the Looker instance is not trusted or verifiable by the API caller. This is common when you are running a local looker instance configured with a self-signed SSL certificate.

You have two choices to resolve this issue: Configure your machine to trust the self-signed certificate of your local Looker instance (instructions here), or configure your app script to ignore certificate verification.
For the Looker Ruby SDK, you can do this:

 

:connection_options => {:ssl => {:verify => false}}

 

per this document: https://github.com/looker/looker-sdk-ruby/blob/master/readme.md

For the Python SDK, you can do this in the .ini file:

 

verify_ssl=False

 

per the Configuring the SDK section of this document: https://pypi.org/project/looker-sdk/

Note that skipping SSL certificate verification does not erase the value of using HTTPS for all connections to the Looker server. Certificate verification provides assurance that the server you're talking to is who you are expecting to talk to, and not some man-in-the-middle interloper. Without certificate verification, you may not be entirely sure who you're talking to, but at least the HTTP connection will still be encrypted end-to-end, so that the data sent through the connection cannot be seen by third party observers watching your network traffic.

If you are frustrated by SSL configuration and is tempted to turn off SSL entirely on your Looker instance, don't do it! Using a self-signed cert with verification disabled is far better, far more secure than turning off SSL entirely.

Example of full error message:

 

looker_sdk.error.SDKError: b"HTTPSConnectionPool(host='looker.customer.com', port=19999): Max retries exceeded with url: /api/3.1/login (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))"

 

This content is subject to limited support.                

 

 


0 replies

Be the first to reply!

Reply