These InsecureRequestWarning warning messages show up when a request is made to an HTTPS URL without certificate verification enabled.
we will cover how to fix InsecureRequestWarning with 3 examples in this article.
In the first and second examples, we will skip the SSL certificate check. For the third example, we will add the CA bundle in the code to check the SSL certificate.
Why InsecureRequestWarning happen?
The SSL connection will be established based on the following process. We will get errors if any of these steps does not go well.
- The client sends a request to the server for a secure session. The server responds by sending its X.509 digital certificate to the client.
- The client receives the server’s X.509 digital certificate.
- The client authenticates the server, using a list of known certificate authorities.
- The client generates a random symmetric key and encrypts it using server’s public key.
- The client and server now both know the symmetric key and can use the SSL encryption process to encrypt and decrypt the information contained in the client request and the server response.
When the client receives the server’s certificate, it begins chaining that certificate back to its root. It will begin by following the chain to the intermediate that has been installed, from there it continues tracing backwards until it arrives at a trusted root certificate.
If the certificate is valid and can be chained back to a trusted root, it will be trusted. If it can’t be chained back to a trusted root, the browser will issue a warning about the certificate.
Fix InsecureRequestWarning in Python urllib3
from urllib3.exceptions import InsecureRequestWarning
from urllib3 import disable_warnings
Related: Understanding SSL certificates
Fix InsecureRequestWarning in Python requests
response = requests.get(url=”, verify=False)
the error message is below: InsecureRequestWarning: Unverified HTTPS request is being made. We can add the following codes to fix it.
Fix InsecureRequestWarning in Python requests with CA Bundle
Go to http://certifiio.readthedocs.io/en/latest/ to get the Raw CA Bundle
- Download the raw CA Bundle in Click How do I use it? in that page and put this file in the project directory
- Modify the storage path of the file downloaded in the previous step
requests.post(url=API_SERVER, headers=headers, data=json.dumps(data), verify=’CA_PATH‘)