When you run a command in the AWS CLI, for example aws s3 ls, you may get the following error:
SSL validation failed for <endpoint_url> [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
To work around the issue, you can add the --no-verify-ssl option to the AWS CLI:
$ aws s3 ls --no-verify-ssl
But this disables certificate verification, so it is not secure, and it causes the following warning:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
AWS CLI: SSL Validation Failed
To use the AWS CLI with HTTPS certificate verification, you need to specify the path to a custom certificate bundle.
This can be done by setting the AWS_CA_BUNDLE environment variable.
Linux:
$ export AWS_CA_BUNDLE="/data/ca-certs/ca-bundle.pem"
Windows:
PS C:\> setx AWS_CA_BUNDLE C:\data\ca-certs\ca-bundle.pem
Or by using the --ca-bundle command-line parameter:
$ aws s3 ls --ca-bundle "/data/ca-certs/ca-bundle.pem"
Or by setting ca_bundle in the AWS CLI configuration file:
$ nano ~/.aws/config
$ cat ~/.aws/config
[default]
ca_bundle = /data/ca-certs/ca-bundle.pem
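When the error persists after one of these settings is applied, it helps to confirm which of the three actually takes effect and whether the file it names is a usable PEM bundle. The following diagnostic is an added example, not part of the original article or of the AWS CLI; the function names are hypothetical, and it assumes the standard ~/.aws/config location plus the AWS_CONFIG_FILE and AWS_PROFILE environment variables.

```python
import configparser
import os
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def effective_ca_bundle(cli_value=None, env=None, config_path=None, profile=None):
    """Return (path, source) following the CLI's precedence:
    --ca-bundle, then AWS_CA_BUNDLE, then ca_bundle in the config file."""
    env = os.environ if env is None else env
    if cli_value:
        return cli_value, "--ca-bundle"
    if env.get("AWS_CA_BUNDLE"):
        return env["AWS_CA_BUNDLE"], "AWS_CA_BUNDLE"
    config_path = config_path or env.get("AWS_CONFIG_FILE") or "~/.aws/config"
    profile = profile or env.get("AWS_PROFILE") or "default"
    # Named profiles live in "[profile NAME]" sections; default is "[default]".
    section = "default" if profile == "default" else f"profile {profile}"
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(os.path.expanduser(config_path))
    if parser.has_option(section, "ca_bundle"):
        return parser.get(section, "ca_bundle"), f"{config_path} [{section}]"
    return None, "not set"


def inspect_bundle(path):
    """Check that the bundle exists, contains PEM certificates and loads."""
    path = os.path.expanduser(path)
    result = {"exists": os.path.isfile(path), "pem_blocks": 0, "loadable": False}
    if not result["exists"]:
        return result
    with open(path, encoding="ascii", errors="replace") as handle:
        result["pem_blocks"] = len(PEM_BLOCK.findall(handle.read()))
    try:
        ssl.create_default_context(cafile=path)  # raises if nothing usable
        result["loadable"] = True
    except (ssl.SSLError, OSError):
        pass
    return result


if __name__ == "__main__":
    bundle, source = effective_ca_bundle()
    print("CA bundle:", bundle, "from", source)
    if bundle:
        print(inspect_bundle(bundle))
```

A bundle that reports exists as False or pem_blocks as 0 explains a persisting CERTIFICATE_VERIFY_FAILED without any need to fall back to --no-verify-ssl.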
Same error
The following text:
“To workaround the issue you can add the –no-verify-ssl option to the AWS CLI:”
needs to be replaced with the following text:
“To work around the issue, you can add the –no-verify-ssl option to the AWS CLI:”
Done. Thanks.
What is this .pem file? Is it something I can generate? My Ubuntu has no /data/ directory. Do I need to configure SSL on my desktop?
Where can I get this? “/data/ca-certs/ca-bundle.pem”
The AWS ca_bundle.pem is included in the AWS CLI. Do you have that installed? If not, you can install it or upgrade it if it is old. See this thread: https://stackoverflow.com/questions/32946050/ssl-certificate-verify-failed-in-aws-cli