balena = Balena()
credentials = {‘username’:"******", ‘password’:"******"}
print(balena.auth.login(**credentials))
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.MYHOST.xyz', port=443): Max retries exceeded with url: /login_ (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
How to provide ssl?
Hi there,
At first glance, this looks like you’re trying to use the SDK against an openBalena instance where you’ve generated your own certificate. You should be able to use the REQUESTS_CA_BUNDLE envvar to point to a file containing trusted CAs (so in this case, pointing to a file with your self-signed CA in). This should then allow python to correctly verify the server certificate as valid.
Best regards,
Heds
Thanks. Missed this in docs. Could you please point me to this part in balena-sdk?
Hi @mexekanez,
This isn’t balena specific, but is a Python environment variable. Here’s a StackOverflow answer that discusses it (first hit I could find on Google): https://stackoverflow.com/questions/31448854/how-to-force-requests-use-the-certificates-on-my-ubuntu-system
This is similar in effect to NodeJS’s NODE_EXTRA_CA_CERTS environment variable, which also allows the passing in of self-signed CAs.
Best regards,
Heds
Understood. Thanks. no more questions
Hi, I am having the same trouble to connect to balena through the python sdk, how did you manage to solve it? by doing export REQUESTS_CA_BUNDLE='/path/to/cert/ca.crt' ?
Thaks
same trouble to connect to balena through
Are you meaning balenaCloud or openBalena?
balenaapi = Balena()
credentials={‘username’:‘email@domain.com’,‘password’:‘pwdpwd’}
balena.auth.login(**credentials)
I am trying to connect to openBalena as with the balenaCli
I am not an expert with the python SDK but you will need to do a couple of things:
I am not an expert with the python SDK but you will need to do a couple of things:
The first point should be achieved by the mechanism you mentioned; using the bundle environment variable.
The second point I am not sure, but it looks like the SDK is pulling the config from your home directory ~/.balena/ so take a look in there and see if the API URLs are pointing to your openBalena instance.
so:
export REQUESTS_CA_BUNDLE=‘/path/to/cert/ca.crt’
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/path/to/certificate/ca.crt
and then in the ./balena/balena.cfg
[Settings]
pine_endpoint = https://api.mydomain.org/v5/
api_endpoint = https://api.mydomain.org/
builder_url = https://builder.balena-cloud.com/
api_version = v5
device_actions_endpoint_version = v1
data_directory = /Users/user/.balena
image_cache_time = 604800000
token_refresh_interval = 3600000
timeout = 30000
cache_directory = /Users/user/.balena/cache
right?
Sure, this looks right but I cannot be sure. Please let us know if that works 
It worked! Thanks for the help!! 