I have a local keycloak instance with a certificate deployed with my custom CA. This CA and the certificate were created by EasyRSA.
Using this lib to authenticate I get this error in netbox:
Connection error: HTTPSConnectionPool(host='keycloak.domain.com', port=443): Max retries exceeded with url: /realms/master/protocol/openid-connect/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Basic Constraints of CA cert not marked critical (_ssl.c:1029)')))
It seems like Python 3.13 with VERIFY_X509_STRICT set requires a new flag for the CA: its basic constraint must be marked critical.
Is there a flag so we can disable this strict check and just do a "basic" check? Or do we have to disable the SSL verification completely?
I have a local keycloak instance with a certificate deployed with my custom CA. This CA and the certificate were created by EasyRSA.
Using this lib to authenticate I get this error in netbox:
It seems like Python 3.13 with
VERIFY_X509_STRICTset requires a new flag for the CA: its basic constraint must be marked critical.Is there a flag so we can disable this strict check and just do a "basic" check? Or do we have to disable the SSL verification completely?