Skip to Content

3 Ways to Fix InsecureRequestWarning in Python

These InsecureRequestWarning warning messages show up when a request is made to an HTTPS URL without certificate verification enabled.

we will cover how to fix InsecureRequestWarning with 3 examples in this article.

In the first and second examples, we will skip the SSL certificate check.  For the third example, we will add the CA bundle in the code to check the SSL certificate.

Why InsecureRequestWarning happen?

The SSL connection will be established based on the following process.   We will get errors if any of these steps does not go well.

  • The client sends a request to the server for a secure session. The server responds by sending its X.509 digital certificate to the client.
  • The client receives the server’s X.509 digital certificate.
  • The client authenticates the server, using a list of known certificate authorities.
  • The client generates a random symmetric key and encrypts it using server’s public key.
  • The client and server now both know the symmetric key and can use the SSL encryption process to encrypt and decrypt the information contained in the client request and the server response.

 

When the client receives the server’s certificate, it begins chaining that certificate back to its root. It will begin by following the chain to the intermediate that has been installed, from there it continues tracing backwards until it arrives at a trusted root certificate.

If the certificate is valid and can be chained back to a trusted root, it will be trusted. If it can’t be chained back to a trusted root, the browser will issue a warning about the certificate.

Related: Check SSL Certificate Chain with OpenSSL Examples

Fix InsecureRequestWarning in Python urllib3

from urllib3.exceptions import InsecureRequestWarning
from urllib3 import disable_warnings
disable_warnings(InsecureRequestWarning)

Related: Understanding SSL certificates

Fix InsecureRequestWarning in Python requests

import requests
response = requests.get(url='', verify=False)

the error message is below: InsecureRequestWarning: Unverified HTTPS request is being made. We can add the following codes to fix it.

import requests
requests.packages.urllib3.disable_warnings()

Fix InsecureRequestWarning in Python requests with CA Bundle

 

requests.post(url=API_SERVER, headers=headers, data=json.dumps(data), verify='CA_PATH')

requests.get('https://github.com', verify='/path/to/certfile')

5 ways to check SSL Certificate

4 Ways to Check SSL Certificate Expiration date

Daniel Lim

Wednesday 22nd of November 2023

The warning InsecureRequestWarning is triggered when you make a request to a secure HTTPS endpoint, but the SSL certificate of the server cannot be verified.

This might be due to a self-signed certificate, a certificate from an untrusted authority, or a mismatch in the certificate's domain.

Thanks.