Certificate verification failure
Gauge73 opened this issue · comments
How do you disable certificate verification? Almost everyone is going to use a self-signed certificate for ePO.
You should never disable certificate verification, especially for a system designed to monitor security configuration. Instead, configure a requests.Session
for TLS verification and pass it to mcafee_epo.Client
.
s = requests.Session()
s.verify = '/path/to/certfile'
c = Client(url, username, password, session=s)
Fair enough. Thanks!
s.verify = '/path/to/certfile'
,What is this certificate file? How to get?
It's the CA file that describes the trust for the cert presented by the server being connected to. If you don't know what that means, consult your IT department. As mentioned, this is a functionality of requests, not this library. Please see requests docs on cert verification.
You should never disable certificate verification, especially for a system designed to monitor security configuration. Instead, configure a
requests.Session
for TLS verification and pass it tomcafee_epo.Client
.s = requests.Session() s.verify = '/path/to/certfile' c = Client(url, username, password, session=s)Alternatively and preferably, configure your system's certificate store to trust your internal CA, then requests and most other software will automatically use this by default.
I agree that's how that should work. In reality it often isn't feasible.
In most large scale Enterprise environments certificate verification is the only path forward. You often don't have access to the underlying environment to get your OS to trust the certificate being provided. :(