diff --git a/README-internal.md b/README-internal.md index f519d7023..06e0a050e 100644 --- a/README-internal.md +++ b/README-internal.md @@ -1,5 +1,18 @@ This document is for internal users wanting to use this library to interact with the internal API. It will not work for `api.softlayer.com`. +## SSL: CERTIFICATE_VERIFY_FAILED fix +You need to specify the server certificate to verify the connection to the internal API since its a self signed certificate. Python's request module doesn't use the system SSL cert for some reason, so even if you can use `curl` without SSL errors becuase you installed the certificate on your system, you still need to tell python about it. Further reading: + - https://hackernoon.com/solving-the-dreadful-certificate-issues-in-python-requests-module + - https://levelup.gitconnected.com/using-custom-ca-in-python-here-is-the-how-to-for-k8s-implementations-c450451b6019 + +On Mac, after installing the softlayer.local certificate, the following worked for me: + +```bash +security export -t certs -f pemseq -k /System/Library/Keychains/SystemRootCertificates.keychain -o bundleCA.pem +sudo cp bundleCA.pem /etc/ssl/certs/bundleCA.pem +``` +Then in the `~/.softlayer` config, set `verify = /etc/ssl/certs/bundleCA.pem` and that should work. + ## Certificate Example @@ -11,14 +24,14 @@ endpoint_url = https:///v3/internal/rest/ timeout = 0 theme = dark auth_cert = /etc/ssl/certs/my_utility_cert-dev.pem -server_cert = /etc/ssl/certs/allCAbundle.pem +verify = /etc/ssl/certs/allCAbundle.pem ``` `auth_cert`: is your utility user certificate `server_cert`: is the CA certificate bundle to validate the internal API ssl chain. Otherwise you get self-signed ssl errors without this. -``` +```python import SoftLayer import logging import click @@ -37,4 +50,23 @@ if __name__ == "__main__": testAuthentication() ``` -## Employee Example \ No newline at end of file +## Employee Example + +To login with your employee username, have your config look something like this + +*NOTE*: Currently logging in with the rest endpoint doesn't quite work, so use xmlrpc until I fix [this issue](https://github.ibm.com/SoftLayer/internal-softlayer-cli/issues/10) + +``` +[softlayer] +username = +endpoint_url = https:///v3/internal/xmlrpc/ +verify = /etc/ssl/certs/allCAbundle.pem +``` + +You can login and use the `slcli` with. Use the `-i` flag to make internal API calls, otherwise it will make SLDN api calls. + +```bash +slcli -i emplogin +``` + +If you want to use any of the built in commands, you may need to use the `-a ` flag. \ No newline at end of file