These InsecureRequestWarning warning messages show up when a request is made to an HTTPS URL without certificate verification enabled.
we will cover how to fix InsecureRequestWarning with 3 examples in this article.
In the first and second examples, we will skip the SSL certificate check. For the third example, we will add the CA bundle in the code to check the SSL certificate.
Table of Contents
Why InsecureRequestWarning happen?
The SSL connection will be established based on the following process. We will get errors if any of these steps does not go well.
Get Your Free Linux training!
Join our free Linux training and discover the power of open-source technology. Enhance your skills and boost your career! Learn Linux for Free!- The client sends a request to the server for a secure session. The server responds by sending its X.509 digital certificate to the client.
- The client receives the server’s X.509 digital certificate.
- The client authenticates the server, using a list of known certificate authorities.
- The client generates a random symmetric key and encrypts it using server’s public key.
- The client and server now both know the symmetric key and can use the SSL encryption process to encrypt and decrypt the information contained in the client request and the server response.
When the client receives the server’s certificate, it begins chaining that certificate back to its root. It will begin by following the chain to the intermediate that has been installed, from there it continues tracing backwards until it arrives at a trusted root certificate.
If the certificate is valid and can be chained back to a trusted root, it will be trusted. If it can’t be chained back to a trusted root, the browser will issue a warning about the certificate.
Related: Check SSL Certificate Chain with OpenSSL Examples
Fix InsecureRequestWarning in Python urllib3
from urllib3.exceptions import InsecureRequestWarning
from urllib3 import disable_warnings
disable_warnings(InsecureRequestWarning)
Related: Understanding SSL certificates
Fix InsecureRequestWarning in Python requests
import requests
response = requests.get(url='', verify=False)
the error message is below: InsecureRequestWarning: Unverified HTTPS request is being made. We can add the following codes to fix it.
import requests
requests.packages.urllib3.disable_warnings()
Fix InsecureRequestWarning in Python requests with CA Bundle
- Download the latest CA file from here.
- put this file in the project directory
requests.post(url=API_SERVER, headers=headers, data=json.dumps(data), verify='CA_PATH')
requests.get('https://github.com', verify='/path/to/certfile')
Daniel Lim
Wednesday 22nd of November 2023
The warning InsecureRequestWarning is triggered when you make a request to a secure HTTPS endpoint, but the SSL certificate of the server cannot be verified.
This might be due to a self-signed certificate, a certificate from an untrusted authority, or a mismatch in the certificate's domain.
Thanks.