弊社のソフトウェアはpythonのrequestsでSSL通信を行っているが、今回証明書を更新するタイミングでssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failedが出て焦った。
これ原因は中間証明書にあります!
例えばアルファSSLだとG2の有効期限は2024-02-20で、G4は2027-10-12までで、私は2027年までのG4の証明書だけをPEMにして入れたらいいと思ってました。
これ違います!
実は中間証明書は階層構造になっていて、G2の証明書とG4の証明書の両方が必要になります!
https://info-globalsign.com/news/20221108
なので
NG:
—–BEGIN CERTIFICATE—–
Your CRT
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIEijCCA3KgAwIBAgIQfU1CqStDHX5kU+fBmo1YdzANBgkqhkiG9w0BAQsFADBX
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE
CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIyMTAx
MjAzNDk0M1oXDTI3MTAxMjAwMDAwMFowTDELMAkGA1UEBhMCQkUxGTAXBgNVBAoT
EEdsb2JhbFNpZ24gbnYtc2ExIjAgBgNVBAMTGUFscGhhU1NMIENBIC0gU0hBMjU2
IC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtJCmVZhWIPzOH
A3jP1QwkuDFT8/+DImyZlSt85UpZwq7G0Sqd+n8gLlHIZypQkad5VkT7OLU+MI78
lC7LVwxpU19ExlaWL67ANyWG8XHx3AJFQoZhuDbvUeNzRQyQs6XS5wN6uDlF0Bf1
AtCUQWrGGLGYwyC1xTrzgrFKpESsIXMqklUGTsh8i7DKZhRUVfgrPLJUkbbLUrLY
42+KRCiwfSvBloC5PgDYnj3oMZ1aTe3Wfk3l1I4D3RKaJ4PU1qHXhHJOge2bjGIG
l6MsaBN+BB2sr6EnxX0xnMIbew2oIfOFoLqs47vh/GH4JN0qql2WBHfDPVDm3b+G
QxY6N/LXAgMBAAGjggFbMIIBVzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE
FE/LrKjC76vdg29rv86YPVxYJXYVMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTN
NKj//P1LMHoGCCsGAQUFBwEBBG4wbDAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Au
Z2xvYmFsc2lnbi5jb20vcm9vdHIxMDsGCCsGAQUFBzAChi9odHRwOi8vc2VjdXJl
Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9yb290LXIxLmNydDAzBgNVHR8ELDAqMCig
JqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QuY3JsMCEGA1UdIAQa
MBgwCAYGZ4EMAQIBMAwGCisGAQQBoDIKAQMwDQYJKoZIhvcNAQELBQADggEBABol
9nNkiECpWQenQ7oVP1FhvRX/LWTdzXpdMmp/SELnEJhoOe+366E0dt8tWGg+ezAc
DPeGYPmp83nAVLeDpji7Nqu8ldB8+G/B6U9GB8i2DDIAqSsFEvcMbWb5gZ2/DmRN
cifGi9FKAuFu2wyft4s4DHwzL2CJ2zjMlUOM3RaE1cxuOs+Om6MCD9G7vnkAtSiC
/OOfHO902f4yI2a48K+gKaAf3lISFXjd32pwQ21LpM3ueIGydaJ+1/z8nv+C7SUT
5bHoz7cYU27LUvh1n2WSNnC6/QwFSoP6gNKa4POO/oO13xjhrLRHJ/04cKMbRALt
JWQkPacJ8SJVhB2R7BI=
—–END CERTIFICATE—–
OK:
—–BEGIN CERTIFICATE—–
Your CRT
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIGVDCCBTygAwIBAgIMCJEO0BA+aoDxjYPKMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB
bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEc0MB4XDTIzMDIxMjEyNTAxN1oXDTI0MDMx
NTEyNTAxNlowHTEbMBkGA1UEAwwSKi5tZWRpY2FsZmllbGRzLmpwMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm48J3rSAZWccx0w+43wR6LaAG6CiECmf
fGBlqNbzojoDlNM+aEIiNvYKspkxQhu1C+pZJ1wfHHqR7Zir+km7I9e+tXuP8pGA
T7gkxFGgPCB3xEQZ51kp105idV7mVdIwS7FGgHeetboCZDty+KqXc3SzUCdXKAyO
YCQQN9i0UI6PZ2zvBm5QMWDTzFQyYPld04ACABPEH7k6uK5arXkt7rZKOjHhDc8Q
bhf6XkGwX5qdG8Db9/MkqsgZ1PdkvOKkFR1vv/5QOslMGopatq1E15hqCGfB+541
Cgcua6oG/AdL9nMPTXkw0+cNKewYKXSATr5E21+ZaIFDpAJpSAecSwIDAQABo4ID
YzCCA18wDgYDVR0PAQH/BAQDAgWgMIGTBggrBgEFBQcBAQSBhjCBgzBGBggrBgEF
BQcwAoY6aHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvYWxwaGFz
c2xjYXNoYTI1Nmc0LmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AuZ2xvYmFs
c2lnbi5jb20vYWxwaGFzc2xjYXNoYTI1Nmc0MFcGA1UdIARQME4wCAYGZ4EMAQIB
MEIGCisGAQQBoDIKAQMwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFs
c2lnbi5jb20vcmVwb3NpdG9yeS8wCQYDVR0TBAIwADBBBgNVHR8EOjA4MDagNKAy
hjBodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2FscGhhc3NsY2FzaGEyNTZnNC5j
cmwwLwYDVR0RBCgwJoISKi5tZWRpY2FsZmllbGRzLmpwghBtZWRpY2FsZmllbGRz
LmpwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBRP
y6yowu+r3YNva7/OmD1cWCV2FTAdBgNVHQ4EFgQUAXsU+ABU/dt1i/xKq0JNwrQs
ghswggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AEiw42vapkc0D+VqAvqdMOsc
UgHLVt0sgdm7v6s52IRzAAABhkWtNUQAAAQDAEcwRQIhAPgamklBv6V/FsBj0x3J
JwP88Kg/d+grzVMlEIgs+o7TAiA+PoRMp+m6L9lWicyBtHHgcUn8mvKcrxVRJF4f
rJt6jwB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABhkWtNhsA
AAQDAEYwRAIgbk9SKl405qzjKBxrojOfA5BaaiQTUDMGAXnM5wqAzYcCIBciIXnd
GfCET5allakjTSz8RSdFjQI0W7+/1iRk5LLvAHcA2ra/az+1tiKfm8K7XGvocJFx
bLtRhIU0vaQ9MEjX+6sAAAGGRa0zmAAABAMASDBGAiEA4ekNPp+uSlKHIYxs2XR/
w09GCv04P55jRHQQSORpps4CIQC7qG0qhsPhnLK+t6hJEvXZi7AJ2NYPxtc5nGWZ
JOBKWTANBgkqhkiG9w0BAQsFAAOCAQEAMzxtntb/K0oJWUf6j0NsIMK6oIIKsUou
HRTesA0jjFYGWDAXXom6pNBkQK5I/EkU/TNdhvLRSwJD4u1BAuqpp/p2uvQQdzOI
Cvf1sA9yNRomHvay0hkLw3XU6Va4mPHWfvKkFXtrl+0I1MDZBBYbYD03IpBV8XrY
2YiSOMIbKZXLIZUHz0Pt7jitj4nvrO0ijWogoU1aHjEK0qWKlFgg73nZtB0gTOQk
JyLYlJe+xswXl1LJaPXKH29yo2DaUI1BA7zVD0Hxw8vzer7siImWQ3FgVE5yrYRp
+fN5yMgOAPYqXWvcS6ndLGe9kaGSpLpfo6sNlAnR786ZV84/tAQCeQ==
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIEijCCA3KgAwIBAgIQfU1CqStDHX5kU+fBmo1YdzANBgkqhkiG9w0BAQsFADBX
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE
CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIyMTAx
MjAzNDk0M1oXDTI3MTAxMjAwMDAwMFowTDELMAkGA1UEBhMCQkUxGTAXBgNVBAoT
EEdsb2JhbFNpZ24gbnYtc2ExIjAgBgNVBAMTGUFscGhhU1NMIENBIC0gU0hBMjU2
IC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtJCmVZhWIPzOH
A3jP1QwkuDFT8/+DImyZlSt85UpZwq7G0Sqd+n8gLlHIZypQkad5VkT7OLU+MI78
lC7LVwxpU19ExlaWL67ANyWG8XHx3AJFQoZhuDbvUeNzRQyQs6XS5wN6uDlF0Bf1
AtCUQWrGGLGYwyC1xTrzgrFKpESsIXMqklUGTsh8i7DKZhRUVfgrPLJUkbbLUrLY
42+KRCiwfSvBloC5PgDYnj3oMZ1aTe3Wfk3l1I4D3RKaJ4PU1qHXhHJOge2bjGIG
l6MsaBN+BB2sr6EnxX0xnMIbew2oIfOFoLqs47vh/GH4JN0qql2WBHfDPVDm3b+G
QxY6N/LXAgMBAAGjggFbMIIBVzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE
FE/LrKjC76vdg29rv86YPVxYJXYVMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTN
NKj//P1LMHoGCCsGAQUFBwEBBG4wbDAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Au
Z2xvYmFsc2lnbi5jb20vcm9vdHIxMDsGCCsGAQUFBzAChi9odHRwOi8vc2VjdXJl
Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9yb290LXIxLmNydDAzBgNVHR8ELDAqMCig
JqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QuY3JsMCEGA1UdIAQa
MBgwCAYGZ4EMAQIBMAwGCisGAQQBoDIKAQMwDQYJKoZIhvcNAQELBQADggEBABol
9nNkiECpWQenQ7oVP1FhvRX/LWTdzXpdMmp/SELnEJhoOe+366E0dt8tWGg+ezAc
DPeGYPmp83nAVLeDpji7Nqu8ldB8+G/B6U9GB8i2DDIAqSsFEvcMbWb5gZ2/DmRN
cifGi9FKAuFu2wyft4s4DHwzL2CJ2zjMlUOM3RaE1cxuOs+Om6MCD9G7vnkAtSiC
/OOfHO902f4yI2a48K+gKaAf3lISFXjd32pwQ21LpM3ueIGydaJ+1/z8nv+C7SUT
5bHoz7cYU27LUvh1n2WSNnC6/QwFSoP6gNKa4POO/oO13xjhrLRHJ/04cKMbRALt
JWQkPacJ8SJVhB2R7BI=
—–END CERTIFICATE—–
としましょう