Python - Ignoring self-signed certificate warnings when using McAfee Web API

Question

I am looking to make use of the mcafee-epo web api python library to automate some of my more repetitive maintenance tasks.

When trying to connect to our epolicy server, I receive an error stating that the certificate is invalid and the script crashes.

The error occurs because our ePO server uses self-signed certificates and therefore produces the usual security warnings upon connection.

Is there any built in function to the mcafee-epo package/module that can be used to disregard this security warning, or perhaps a method of exeception handling that will allow me to bypass the SSL errors produced?

Thanks! A confused jr. admin

Answer 1

Looking at the source code here https://bitbucket.org/davidism/mcafee-epo/src/ecc8836ea933f188dd9836e056cbaaabf768085d/mcafee_epo.py?at=default&fileviewer=file-view-default, if you just make your call as such:

client = Client()
client('endpoint', verify=False)

I can't test it, but the mcafee library is using the requests module. The way you ignore SSL in requests is to include the verify=False in your get/post calls. The kwargs in client get passed to a wrapper around this requests module get.

http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification

Answer 2

You should try to make requests accept your self-signed certificate.

One way would be to set the REQUESTS_CA_BUNDLE environment variable to point to the certificate (bundle) requests should use:

os.environ['REQUESTS_CA_BUNDLE'] = "/path/to/cert.pem"

The alternative would be to change the source of the library to pass the certificate bundle as verify parameter to session.get()/session.post().

You should check out the requests documentation about ssl cert verification