I am using the following config.hcl for my Hashicorp server,
disable_mlock = true
storage "file" {
path = "/etc/secrets"
}
listener "tcp" {
address = "10.xx.xx.xx:8200"
tls_cert_file = "/etc/certs/selfsigned.crt"
tls_key_file = "/etc/certs/selfsigned.key"
}
it is working fine when i perform vault operations, But when i try reach it using hvac python library i am getting SSL error. The code i am using to connect to hashicorp server from python is,
import hvac
client = hvac.Client(url='https://10.xx.xx.xx:8200', cert=('/etc/certs/selfsigned.crt', '/etc/certs/selfsigned.key'))
client.token = 'd460cb82-08aa-4b97-8655-19b6593b262d'
client.is_authenticated()
The full error trace i am getting is as follows:-
Traceback (most recent call last): File "", line 1 , in File "/usr/local/lib/python2.7/dist-packages/hvac/v1/init.py", line 552, in is_authenticated self.lookup_token() File "/usr/local/lib/python2.7/dist-packages/hvac/v1/init.py", line 460, in lookup_token return self._get('/v1/auth/token/lookup-self', wrap_ttl=wrap_ttl).json() File "/usr/local/lib/python2.7/dist-packages/hvac/v1/init.py", line 1236, in _get return self.request('get', url, **kwargs) File "/usr/local/lib/python2.7/dist-packages/hvac/v1/__init.py", line 1264, in __request allow_redirects=False, **_kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 512, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 622, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 511, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='10.xx.xx.xx', port=8200): Max retries exceeded with url: /v1/auth/token/lookup-self (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
