Skip to content
This repository has been archived by the owner on Aug 12, 2019. It is now read-only.

Ignore self-signed SSL certificate errors

Compare
Choose a tag to compare
@marknca marknca released this 19 Feb 12:48
· 119 commits to master since this release

Now works smoothly with the default configuration of locally installed Deep Security Managers

SSL Certification Validation

By default, the suds and requests libraries attempt to validate SSL certificates. Unfortunately, the default install of Deep Security via software and via the AWS Marketplace uses a self-signed certificate. This was causing an SSL: CERTIFICATE_VERIFY_FAILED error for both the SOAP and REST API calls.

This release resolves that issue by offering the user that ability to create a deepsecurity.manager.Manager() object that ignores SSL certificate validation

Recommendation

It's highly recommended that you use a valid SSL certificate. This adds an additional layer of assurance to your deployment on top of restricting the address space that can access your Deep Security Manager.

Usage

In order to ignore SSL certification validation, create the deepsecurity.manager.Manager() as follows;

import deepsecurity
mgr = deepsecurity.manager.Manager(username=user, password=pass, dsm_hostname=dsm, dsm_port=4119, ignore_ssl_validation=True)