Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2025 06:05 AM
In API communication with Azure Databricks, it is not necessary to manually install or configure an SSL certificate on the client side because Azure Databricks endpoints inherently use TLS (Transport Layer Security) for secure communication. To address the security scanner flagging the use of
verify=False, here are the best practices:-
Enable SSL Verification (
verify=True😞- Setting
verify=Trueensures that Python'srequestslibrary verifies the SSL certificate presented by the server, which is important for securing HTTPS connections. This is the recommended approach.
- Setting
-
Provide a Certificate Bundle:
- If the default CA certificates provided by your system are insufficient (e.g., due to network configurations or specific enterprise policies), you can explicitly provide a trusted certificate bundle using the
verifyparameter. For example:python response = requests.get( 'https://%s/api/2.0/clusters/list' % (databricks_domain), headers=request_headers, verify='/path/to/certifi/cacert.pem' )Ensure the certificate bundle used is reliable and up-to-date.
- If the default CA certificates provided by your system are insufficient (e.g., due to network configurations or specific enterprise policies), you can explicitly provide a trusted certificate bundle using the
-
Avoid Using
verify=False:- Disabling SSL verification (
verify=False) bypasses the security validation of the server's certificate, which raises security concerns like exposure to MITM (Man-in-the-Middle) attacks. Therefore, this approach should be avoided.
Hope this helps. Cheers, Lou.
- Disabling SSL verification (
By adhering to these practices, you ensure secure and compliant communication with Azure Databricks endpoints. If unusual SSL-related issues arise, consider determining if your organization’s IT policies or network configurations require additional adjustments to the certificate validation process.
