Connect to a Server with SSL: How to Ignore Verification

Learn how to connect to a server by ignoring the server's self-signed certificate.

How to ignore verification

A certificate signed by a Certificate Authority (CA) forms the basis of HTTPS-enabled websites and services. The CA has its own certificate (cert), which is used to sign other certs. However, if the CA cert used by the service isn’t present in the client’s system, the client can’t verify the server cert, and there are two approaches:

  1. Ignore the cert verification process and proceed to fetch data from the endpoint.
  2. Load the CA cert manually, pass it on to the verification process, and then proceed to fetch data from the endpoint.

The most common reason for a CA cert to be missing from the system is that the server cert is self-signed, i.e., the owner of the service has issued both the server cert and the CA cert. From a security standpoint, approach 1 should be used only until the CA cert is obtained from the owner of the service, because without verification the client has no assurance that it’s talking to the intended server. Once it’s obtained, approach 2 should replace approach 1.

In this lesson, we’ll look at how to ignore the verification of certificates. We’ll use the requests library that we decided upon in the last lesson. The service that we’ll use for checking our REST client code will be https://self-signed.badssl.com, as it provides a self-signed certificate for testing purposes.

Note: We’ll be building upon the example created in the last lesson to create two REST clients, one with SSL verification enabled and one without, to demonstrate both responses.

The requests library accepts a set of options to configure the underlying connection. One of them relates to the verification of SSL certs.

Without further ado, let’s start.
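The following is an added example, not code from the original lesson: a sketch of the two REST clients described in the note above, built on the `verify` option of `requests`. The helper names `choose_verify` and `fetch` and their parameters are assumptions, and running the script itself needs network access to the lesson's test endpoint.

```python
import os
import warnings

import requests
from urllib3.exceptions import InsecureRequestWarning

URL = "https://self-signed.badssl.com"  # test endpoint named in the lesson


def choose_verify(ca_bundle=None, allow_insecure=False):
    """Map the lesson's two approaches onto the `verify` option (hypothetical helper)."""
    if ca_bundle is not None:  # approach 2: trust a CA cert loaded manually
        if not os.path.isfile(ca_bundle):
            raise FileNotFoundError(ca_bundle)
        return ca_bundle  # takes precedence over allow_insecure
    if allow_insecure:  # approach 1: skip verification (temporary only)
        return False
    return True  # default: verify against the installed trust store


def fetch(url, verify=True, timeout=10):
    """GET `url` and report whether the request succeeded and was verified."""
    try:
        with warnings.catch_warnings(record=True) as caught:
            # urllib3 warns on every unverified HTTPS request; record it.
            warnings.simplefilter("always", InsecureRequestWarning)
            resp = requests.get(url, verify=verify, timeout=timeout)
    except requests.exceptions.SSLError as exc:
        # Must be caught before RequestException: SSLError is a subclass of it.
        return {"ok": False, "reason": "tls", "detail": str(exc)}
    except requests.exceptions.RequestException as exc:
        return {"ok": False, "reason": "network", "detail": str(exc)}
    unverified = any(issubclass(w.category, InsecureRequestWarning) for w in caught)
    return {"ok": True, "status": resp.status_code, "unverified": unverified}


if __name__ == "__main__":
    # Client 1: verification enabled; a self-signed cert is rejected ("tls").
    print("verify on :", fetch(URL, verify=choose_verify()))
    # Client 2: verification ignored; the request goes through, flagged unverified.
    print("verify off:", fetch(URL, verify=choose_verify(allow_insecure=True)))
    # Approach 2, once the CA cert is available (the path is a placeholder):
    # print(fetch(URL, verify=choose_verify(ca_bundle="path/to/ca.pem")))
```

The `unverified` flag in the result makes it easy to find and remove any remaining approach 1 calls once the CA cert has been obtained.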
