Unable to turn off cert validation or point to CA bundle

[brsolomon-deloitte]

In the following example, API_BASE_URL is an https:// URL with self-signed certificates.

Requests fail with

[2022-12-20T18:17:49.363+0000] {views.py:659} ERROR - Error authorizing OAuth access token: HTTPSConnectionPool(host='keycloak.redacted.redacted, port=443): Max retries exceeded with url: /auth/realms/redacted/protocol/openid-connect/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)')))

How can we either:

• Set TLS verification to false, or
• Preferably, point FAB OAUTH_PROVIDERS config to a CA bundle to validate the cert?

OAUTH_PROVIDERS = [
    {
        "name": "keycloak",
        "token_key": "access_token",
        "icon": "fa-key",
        "remote_app": {
            "api_base_url": API_BASE_URL,
            "client_kwargs": {"scope": "email profile"},
            "access_token_url": f"{API_BASE_URL}/token",
            "authorize_url": f"{API_BASE_URL}/auth",
            "request_token_url": None,
            "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET,
        },
    }
]

[dpgaspar]

You probably can achieve this at the OS level, add your CA cert to the trusted CA's

something similar to, it depends on the OS:
sudo cp my-self-signed-cert.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates