Valid Certificate Path Problem

d3h637 · December 16, 2019, 3:28pm

Thank you so much for the quick response. Unfortunately, that didn’t get rid of the error. Below is my script, and the error I’m receiving. Does this look right? The code works with 7.9.4, but not 8.0.3.

headers = {“username”:“username”, “password”:“password”, “bypassCertValidation”:“True”}
response = system.net.httpPost(“https://url”, headers)
PyResponse = system.util.jsonDecode(response)

… Process PyResponse

Traceback (most recent call last):
File “event:actionPerformed”, line 3, in
IOError: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

PGriffith · December 16, 2019, 3:43pm

Nope - you need to pass bypassCertValidation=True as a keyword argument to the system.net.httpPost function, like so:

headers = {“username”:“username”, “password”:“password”}
response = system.net.httpPost(“https://url”, headers, bypassCertValidation=True)
PyResponse = system.util.jsonDecode(response)

Also, tooting my own horn, but if you upgrade to 8.0.6 you can use the new system.net.httpClient, which is a bit more powerful and generally gives you better error messages as well. The equivalent code snippet would be:

headers = {“username”:“username”, “password”:“password”}
PyResponse = system.net.httpClient(bypass_cert_validation=True).post(“https://url”, headers=headers).json

c-w-t · December 16, 2019, 6:40pm

Ohhhhh I didn’t know about this one!! Missed it in the release notes I guess.

d3h637 · March 4, 2021, 8:20pm

After talking with the vendor, I waited on a new version of the API before I kept working on this. I used your httpClient in this new code, but get an error 411 when I send the post. This appears to be an issue with Content-Length not being sent. However, if I try to include Content-Length in the headers, I get an error that Content-Length is protected. Any ideas. Below is the code I have.

Client = system.net.httpClient(bypass_cert_validation=True, username=“username”, password=“password”)
Response = Client.post(“https://URL”)
print Response.statusCode

PGriffith · March 4, 2021, 8:45pm

The underlying Java HTTPClient only sends the Content-Length header if it’s 1: capable of determining it and 2: if it’s not 0. Unfortunately, that means you have to send some body to get the client to send a Content-Length header, which may end up causing a different error with your server…

for k, v in system.net.httpClient().post("https://httpbin.org/post", data="a").json.items():
	print k, v

>>>
headers {'User-Agent': u'Ignition', 'Host': u'httpbin.org', 'X-Amzn-Trace-Id': u'Root=1-60414683-5b27b6ba2e1168104773e0c9', 'Content-Length': u'1', 'Content-Type': u'text/plain; charset=utf-8'}
data 1
origin 104.220.10.151
url https://httpbin.org/post
args {}
form {}
files {}
json 1

d3h637 · March 4, 2021, 9:07pm

Thanks for the quick response. That worked. I sent the username and password in the data instead of the header, and that resolved the problem.

mailtosshyam · October 10, 2024, 8:32am

do we have any other fix for this?

Kevin.Herron · October 10, 2024, 2:00pm

This post is pretty old. Go ahead and start a new topic where you explain the issue you're having, including your Ignition version and any other relevant details.