SSL certificate verification failed when using pyral with CA Agile Central on-premises

Document ID : KB000057515
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue

A user gets pyral.context.RallyRESTAPIError: SSL certificate verification failed error when using CA Agile Central Rest Toolkit for Python.

Resolution

SSL certificates use a chain of trust, where each certificate is signed by a higher, more credible certificate. At the top of the chain of trust are the root certificates, owned by Verisign or others certifcate authorities.
When using a self-signed certificate, there is no chain of trust. A web browser will issue a warning when a web site certificate cannot be verified, but the user can dismiss the warning and it will not appear again.
CA Agile Central on-premises copy comes with a self-signed certificate that will case this error
If using pyral . We have to explicitly disable the verification in the code using verify_ssl_cert=False
?
rally = CA Agile Central(server, user=username, 
                  password=password, 
                  workspace=workspace, 
                  project=project, 
                  verify_ssl_cert=False)


This article uses showdefects.py example available in the examples directly, which comes with pyral installation.
The source of this example is available in the github repo, and also attached to this article.

Follow the steps below to establish that you can connect to your on-premises instance of CA Agile Central and get the expected data. The code queries defects by State: 'State != Closed'

1. Create config file that follows the format below.
Here is the content of a sample config file onprem.cfg. Use values valid in your environment:
?
SERVER = 10.32.16.89
USER   = user@co.com
PASSWORD = secret
WORKSPACE = First Workspace
PROJECT = Sample Project

2. Modify code in showdefects.py example to make sure that SSL certificate verification is disabled:
?
rally = CA Agile Central(server, user=username, password=password, workspace=workspace, project=project, verify_ssl_cert=False)

3. Run the file in the terminal following this syntax:

python filename --cfg=configname

The screenshot below reflects that the current directory is?pyral-1.1.0, and the scrip is inside the examples directory pyral-1.1.0/examples, and the config file onprem.cfg is directly in the pyral-1.1.0 directory. It also reflects that the script was run successfully and two defects were returned:

User-added image

As a comparison, if we did not explicitly disable certificate validation, the terminal output will look like this:

User-added image


?

Attachments:

File Attachments:
TEC01000001997.zip