I have a Python application that I am using to update a Point value. I use the Requests library to make the following request:
pi_publish = requests.post(
url=os.environ.get('PI_API_URL') + '/batch',
json=batch_request,
auth=HTTPBasicAuth(os.environ.get('PI_USERNAME'), os.environ.get('PI_PASSWORD')),
)However, I get the following error with this request:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)
So, the easiest way to avoid that is to add `verify=False` to the request as follows:
pi_publish = requests.post(
url=os.environ.get('PI_API_URL') + '/batch',
json=batch_request,
auth=HTTPBasicAuth(os.environ.get('PI_USERNAME'), os.environ.get('PI_PASSWORD')),
verify=False
)The issue here is that `verify=False` is NOT something you should do in production, as this allows insecure requests to your API and makes your application vulnerable to Man-In-The-Middle attacks.
I've tried some SSL certificate chaining by creating my own .pem file, which can work, but seems like a bit of work to do securely, especially since I am deploying this using a Docker container and Kubernetes cluster. Is there an "OSISoft-approved" way to make these requests to 1) avoid the local issuer certificate issue but also 2) not performing insecure requests with `verify=False`?
