Databricks

Ankur_K · ‎10-22-2023

I'm trying to connect to tables/views in Databricks using Python(via VS Code). However, I'm getting the following error:-
File "C:\Users\XXXXXXXX\AppData\Roaming\Python\Python311\site-packages\urllib3\util\retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='xxx-lakehouse-prod.cloud.databricks.com', port=443): Max retries exceeded with
url: /sql/1.0/warehouses/293f5a865d0f529e (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA signature digest algorithm too weak (_ssl.c:992)')))

NO LUCK although I've gone through several posts in Databricks:-
https://community.databricks.com/t5/data-engineering/importing-ca-certificate-into-a-databricks-clus...
https://community.databricks.com/t5/data-engineering/how-can-i-resolve-this-ssl-error-which-occurrs-...

Kaniz · ‎10-30-2023

Hi @Ankur_K, The error message you're encountering indicates an issue with verifying the SSL certificate for the provided URL. This "certificate verify failed" error can be due to various factors.

Here are some steps to resolve the problem:

Check SSL Certificate Status: Ensure that your SSL certificate is up-to-date and valid. Expired or incorrect SSL certificates can lead to certificate verification errors. Contact your certificate provider to renew or update your SSL certificate if necessary.
Specify SSL Version: You can attempt to specify a different SSL version in your Python code. For instance, consider using ssl.PROTOCOL_TLSv1_2 instead of ssl.PROTOCOL_SSLv3.

Here's an example of how to do it using the ssl module in Python:
```
import ssl
import urllib.request

ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
url = 'https://xxx-lakehouse-prod.cloud.databricks.com/sql/1.0/warehouses/293f5a865d0f529e'
req = urllib.request.urlopen(url, context=ssl_context)
```
Changing the SSL protocol might help establish a secure connection.
Add CA Certificate to Trusted Store: Manually adding the CA certificate to your system's trusted certificate store is another option. On most Linux systems, the trusted certificate store can be found in /etc/ssl/certs. However, it's crucial to verify the authenticity of the certificate with the certificate authority (CA) that issued it before adding it manually. Follow the steps in the provided link to add the certificate to your system's trusted store.

These steps should help you address the "certificate verify failed" error and establish a secure SSL connection. Remember to handle SSL certificates with care, as they are crucial for secure communication over HTTPS.

Ankur_K · ‎11-03-2023

Thanks Kaniz!
1. I've checked the SSL certificate which is up-to-date.
2. Also attempted Specify SSL i.e. Version usingssl.PROTOCOL_TLSv1_2instead ofssl.PROTOCOL_SSLv3. It shoots deprecated warning.
3 "Add CA Certificate to Trusted Store":- I exported and added to my windows path(certs file).
Long story short:- none of them worked out for me.
My hunch:- my organisation might have configured firewall which prevents unauthorised APIs and causing certificate error message. Just working out my platform team if they can assist. Otherwise we can close this.

Databricks

Connecting to Databricks using Python(VS Code)

Building DBRX-class Custom LLMs with Mosaic AI Training

Accurate, Safe and Governed: How to Move GenAI from POC to Production

Exciting Announcement: Introducing our Learning Library!

Databricks Community Social, May 2024 - Speaker session around Training offerings

🔔 Attention Databricks Academy Users: SSO Implementation Incoming! Secure Your Account Today!