Hi i am getting following error when i am coonecting JIRA hrough API
but my other employee able to connect and get the data.
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)
Hello @Rajaiah Kanthala ,
Welcome to the Atlassian Community!
Can you kindly try to call the same REST API endpoint using Curl and paste the output in here (removing the sensitive data) like in below example?
curl -v -u <EMAIL-ADDRESS>:<API-TOKEN> https://<NAME>.atlassian.net/rest/api/3/project/search
* Trying 52.215.xxx.xxx...
* TCP_NODELAY set
* Connected to XXXXXXX.atlassian.net (52.215.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Atlassian Network Services, Inc.; CN=*.atlassian.net
* start date: Oct 6 00:00:00 2017 GMT
* expire date: Dec 20 12:00:00 2019 GMT
* subjectAltName: host "XXXXXXXX.atlassian.net" matched cert's "*.atlassian.net"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user 'XXXXXXXX@atlassian.com'
* Using Stream ID: 1 (easy handle 0x561649afd580)
> GET /rest/api/3/project/search HTTP/2
> Host: XXXXXXXX.atlassian.net
> Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> User-Agent: curl/7.58.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< server: AtlassianProxy/1.15.8.1
< vary: Accept-Encoding
< cache-control: no-cache, no-store, no-transform
< content-type: application/json;charset=UTF-8
< strict-transport-security: max-age=315360000; includeSubDomains; preload
< date: Thu, 21 Nov 2019 10:58:09 GMT
< atl-traceid: XXXXXXXXXXXX
< x-aaccountid: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
< x-arequestid: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
< x-xss-protection: 1; mode=block
< timing-allow-origin: *
< x-content-type-options: nosniff
< set-cookie: atlassian.xsrf.token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/; Secure
<
{
"self": "https://XXXXXXXX.atlassian.net/rest/api/3/project/search?maxResults=50&startAt=0",
"maxResults": 50,
"startAt": 0,
"total": 9,
"isLast": true,
"...": "..."
....
}
Please replace:
Run above command and paste the output (remove the sensitive data like above) in your reply.
Cheers,
Dario
C:\>curl -v -u email:xxxxxxxxxxxx https://name.atlassian.net/rest/api/3/project/search
* Trying 18.234.32.175:443...
* TCP_NODELAY set
* Connected to name.atlassian.net (18.234.32.175) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Rajaiah Kanthala ,
The possible ways to fix this error are listed in the link you got in the error message returned by curl:
In this specific case, point 5 could be the best solution since it looks like you are missing the needed certificate in your CA bundle:
5. Get a better/different/newer CA cert bundle! One option is to extract the one a recent Firefox browser uses by running 'make ca-bundle' in the curl build tree root, or possibly download a version that was generated this way for you: CA Extract
P.S. I removed your API Token from your reply. Please revoke that one and generate a new one.
Cheers,
Dario
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.