SSL: CERTIFICATE_VERIFY_FAILED when calling Azure library in docker container and in VS code running locally

Shafaqat Ali 5 Reputation points
2023-08-30T01:25:16.4766667+00:00

I am reading a client certificate from Azure key vault in Python. Code in being run in VS code in windows.

I have following code

credential = DefaultAzureCredential()
certificate_client = CertificateClient("url of keyvault", credential)
certificate = certificate_client.get_certificate("certificatename")

I am getting following error

ServiceRequestError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1002)

Then I installed "python-certifi-win32" package and error got fixed. Then I created a docker container and I have this list of packages in the requirement.txt file

azure-functions
python-certifi-win32
azure.identity
azure.keyvault.certificates
azure.keyvault.secrets
requests_pkcs12

but then I got this error

---> Microsoft.Azure.WebJobs.Script.Workers.Rpc.RpcException: Result: Failure Exception: ServiceRequestError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1007) Stack: File "/azure-functions-host/workers/python/3.10/LINUX/X64/azure_functions_worker/dispatcher.py",

# To enable ssh & remote debugging on app service change the base image to the one below
# FROM mcr.microsoft.com/azure-functions/python:4-python3.11-appservice
FROM mcr.microsoft.com/azure-functions/python:4-python3.10-appservice
ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
AzureFunctionsJobHost__Logging__Console__IsEnabled=true
COPY requirements.txt /
RUN pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted- 
host=files.pythonhosted.org --no-cache-dir -r /requirements.txt
COPY . /home/site/wwwroot

How can I fix this error please?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,218 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. MayankBargali-MSFT 68,391 Reputation points
    2023-09-06T01:30:21.5666667+00:00

    @Shafaqat Ali As per the error looks like you are using the self sign certificate. This can happen if the SSL certificate presented by the server is not trusted by the client. Are you using docker image with azure function?

    Below making the request can you try below if it resolves the issue

    import ssl
    ssl._create_default_https_context = ssl._create_unverified_context
    
    0 comments No comments