requests.exceptions.SSLError: SSL: CERTIFICATE_VERIFY_FAILED

[tmiroslav]

I am using ansible hashivault modules to manage secrets in vault. After enabling TLS in VAULT I am running into issue where it fails to verify SSL. I have been trying to set REQUESTS_CA_BUNDLE ev variable as mentioned (https://hvac.readthedocs.io/en/v0.6.4/advanced_usage.html#making-use-of-private-ca), but have not managed to make it work. Also, I did not want to set VAULT_SKIP_VERIFY env variable. Do you have any advice what should be done?

[msetegn]

You likely aren't pointing to the correct CA Bundle OR the permissions on your ca.crt are slightly incorrect.

If it's the former, check out this stack overflow issue.

If it's the latter, run chmod 0600 {put_ca_file} in your cmd line prompt.

[Tylerlhess]

You have to set the verify kwarg to the CA bundle. This error message should be made clearer by #691 but that should also allow you to set certs at the time of authentication also.