Solving Ssl: certificate_verify_failed on APIs

Hardik · September 17, 2024, 7:08am

Try this here and confirm

@nawal555
Since you are facing this in debug, can you add debugging in your code to print where it is failing - TCP Handshake or any other. Also, if you can check for firewall installed which might block sharing certificate.

bharathi_komaravolu · September 17, 2024, 7:22am

@Hardik

My version : OpenSSL 3.0.13 30 Jan 2024

Bhaskar_Sriram · September 17, 2024, 8:05am

Hi @Hardik the link you have referred to is for MacOS, can you please guide me (windows user)? I have not faced this error back days, suddenly arising 1-2 days back onwards. I think I assume, this SSL issue is coming from your server. Kindly check this or provide a way to solve from our end.
Note: Already uninstalled certifi and installed and changed PATH nothing worked.

nawal555 · September 17, 2024, 11:18am

I Checked with firewall turned off as well with same results …More ever pls guide how to check debug about TCP handshake or others…
but its failing at teh very first step as per below code…

async def connect(self):
  try:
    """Initiates the connection to the Websockets."""
    if not self.ws or self.ws.closed:
        self.ws = await websockets.connect(WSS_URL)
        await self.authorize()
        await self.subscribe_instruments()

  except Exception as e:
        print("Error Due to Connect", e)

nawal555 · September 17, 2024, 4:34pm

hi Hardick,
in above code i included this and connected forcefully where I got successful Authorization but soon it is getting disconnected with reason of Invalid Client like below massage. Informatively I renew token yesterday as expired and somebody else also did the same and facing same issue??? why invalid client here???

Problem is from DHAN side …where DHAN is sending disconnection_packet[0][4] == 808: print (“Disconnected: Invalid Client ID”)

Included Code in above --: ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
Output -:
Authorizing…
Authorization successful!
Disconnected: Invalid Client

hi Hardik, Any luck if you got to look into this. Since Monday I am not able to use this …pls support

nawal555 · September 17, 2024, 5:12pm

@kalaimani_padmanabha …Did you also face error after new token generation ??? Pls confirm

bharathi_komaravolu · September 18, 2024, 5:29am

@nawal555

For me this is the case … I renewed my subscription and generated access token. From then on this is the case SSL failed error.

Hardik · September 18, 2024, 7:21am

Hello @bharathi_komaravolu @nawal555

This is a coincidence that the error occurred after generation of new token, because SSL and token are two different things.

Can you please DM your Client ID, will trail logs at our end and check token validity

kalaimani_padmanabha · September 18, 2024, 7:30am

@Hardik , @nawal555
In my case, I am a new subscriber… trying my hands for the 1st time and faced the issue… so any suggestions would be valuable… It creates a bad impression from my side when i see this considering its my 1st experience with these APIs

nawal555 · September 18, 2024, 7:33am

thanks Hardik …My Client Id is 1100286900

Hardik · September 18, 2024, 8:25am

Hello @kalaimani_padmanabha

If you are using DhanHQ library for the first time and facing SSL issues for APIs, then kindly check local certificate installed and share the certificate version.
Also, if you face this post that, then let me know.

Hardik · September 18, 2024, 8:26am

Hello @nawal555

I checked this and you are passing expired access token (checked for today’s logs). This is why you are getting Invalid Client error from the server.

nawal555 · September 18, 2024, 9:03am

hi Hadick… I guess i was working on copy of my program and forgot to update access token. But if you can logs of yesterdays. I created 3 access token so confused. Anyway I just checked and now it only working with SSL disabled or default mode like i mentioned and yesterday it was not working.
With SSL enable It is still giving errors SSL Certificate errors… Pls note it was running fine before access token expiry with SSL but now its not …

kalaimani_padmanabha · September 18, 2024, 11:37am

Hi @Hardik ,
Can you kindly guide me on local certificate installation and its subsequent validations. Was there any documentation available around it…

Hardik · September 18, 2024, 11:49am

Hello @kalaimani_padmanabha

Can you tell me which device are you using and if you can run below code to check certificate version:

ABCDIt · September 18, 2024, 12:18pm

Better way to fix local certificate issue will be

Open powershell as admin and run following two commands:

certutil -generateSSTFromWU roots.sst
certutil -addstore -f root roots.sst

*Manual changes made in python folder has to be reverted by reinstalling fresh copy of python.

nawal555 · September 19, 2024, 9:08am

hi Hardick … below is my version already provided earlier
OpenSSL 3.3.2 3 Sep 2024 (Library: OpenSSL 3.3.2 3 Sep 2024)

Hardik · September 19, 2024, 10:05am

Hello @nawal555

This is supported by our system and you should be able to fetch data. Can you check with Libre SSL as well, just in case.

kalaimani_padmanabha · September 21, 2024, 5:39am

I am using windows

kalaimani_padmanabha · September 21, 2024, 5:40am