Greeting, I am trying to connect to the OpenAI api from python. but have failed. I have searched the openAI api documentations and openAI dev forums. My openAI version is 1.14.3. I cannot use lower version to use assistant model
import os
from openai import OpenAI
OPENAI_API_KEY = 'my-key'
os.environ['PYTHONHTTPSVERIFY'] = '0'
os.environ['REQUESTS_CA_BUNDLE'] = 'C:\MyProgram\python\certificate.crt'
client = OpenAI(api_key = OPENAI_API_KEY)
and I got the following error
File "C:\Users\Username\AppData\Local\Programs\Python\Python312\Lib\site-packages\httpx\_transports\default.py", line 86, in map_httpcore_exceptions
raise mapped_exc(message) from exc
httpx.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)
and
File "C:\Users\Username\AppData\Local\Programs\Python\Python312\Lib\site-packages\httpcore\_exceptions.py", line 14, in map_exceptions
raise to_exc(exc) from exc
httpcore.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)
I have tried the below solutions
as shown above, I have downloaded certificate from https://api.openai.com/ manually and gave my cert to os. environ followed by hardkothari1988`s answer but not worked. I have set os.environ[âPYTHONHTTPSVERIFYâ] = â0â to disable HTTPS verify but not worked either
used pip install pip_system_certs to install certs in python itself. but not worked
have used
import certifi
certifi.where()
not worked
have tried
Open api_requestor.py in a text editor. (site-packages/openai/api_requestor.py)
Find the line: s = requests.Session()
Add directly below: s.verify = False
but there was no api_requestory.py exists in current open api version.
Instead I have explored Python312\Lib\site-packages\httpx_transports\default.py
which makes error, and switched its verify flag but not worked
set openai.verify_ssl_certs = false but not worked
Yesterday I have used legacy openAI and worked well. In legacy version, there is no assistant model connection is provied so I have to use recent one. is anyone knows the solution?
I get the SSL: CERTIFICATE_VERIFY_FAILED message when my software tries to establish the connection. When I use a curl from the command line in my container⌠it works. because my root certs ARE installed properly in my container, but urllib doesnât want to use them.
Thereâs lots of examples our there on how to hand-jam root certs into urllib and create your own connection pool, but that doesnât help me because I didnât write the OpenAI module⌠so I donât know how to tell the OpenAI module to use my connection pool. I have the public keys for my root certs, theyâre sitting RIGHT there in my /etc/pki/ca-trust directory. I donât understand why urllib doesnât see them.
Maybe Iâm being stupid because Iâm thinking this doesnât seem like a hard thing⌠but I canât seem to figure it out.
Solved it. It wasnât urllib to blame, it was httpx. I put the following into my environment variables in a wrapper before I ran my python and Iâm in business.
If you want to use your own self-signed trusted root CAs, you have to tell the httpx module in python where to find them. Itâs not enough to just have them loaded in the âdefaultâ location since it doesnât use it.
Troubleshooting becomes confusing because the âcurlâ âwgetâ and the browsers (well except firefox) all use whatever certs youâve loaded into your system cert manager. But, the python httpx module uses itâs own unless you set the environment variables above.
I just wrote a bash wrapper around my app that sets these variables and now itâs working.
This isnât strictly an issue using the openai client to talk to openai.com⌠but it was an issue for me because Iâm using the openai python client to talk to a llama.cpp server. Anyway⌠thought Iâd share my experience maybe it will help somebody else along the way.
Iâv had the same error when accessing OpenAI API in PyCharm. But when executing the same code in the terminal of the same Linux machine, it works well with no connection error. After tracing the code, I finally found out the difference was due to different setting of environment variables related to SSL Certificate.
In the terminal, the environment variable SSL_CERT_DIR was set to /etc/ssl/certs, but in PyCharm environment, nothing was set so default (ââŚ/python3.8/site-packages/certifi/cacert.pemâ by certifi.where()) was used.
In more details,
httpx first tries to get SSL file or path from environments (SSL_CERT_FILE, SSL_CERT_PATH) as in the below code from httpx/_utils.py:
def get_ca_bundle_from_env() -> str | None:
if "SSL_CERT_FILE" in os.environ:
ssl_file = Path(os.environ["SSL_CERT_FILE"])
if ssl_file.is_file():
return str(ssl_file)
if "SSL_CERT_DIR" in os.environ:
ssl_path = Path(os.environ["SSL_CERT_DIR"])
if ssl_path.is_dir():
return str(ssl_path)
return None
httpx also tries to get SSLContext object given in params, or default path as in the below code from httpx/_config.py:
def load_ssl_context_verify(self) -> ssl.SSLContext:
"""
Return an SSL context for verified connections.
"""
if self.trust_env and self.verify is True:
ca_bundle = get_ca_bundle_from_env()
if ca_bundle is not None:
self.verify = ca_bundle
if isinstance(self.verify, ssl.SSLContext):
# Allow passing in our own SSLContext object that's pre-configured.
context = self.verify
self._load_client_certs(context)
return context
elif isinstance(self.verify, bool):
ca_bundle_path = self.DEFAULT_CA_BUNDLE_PATH
elif Path(self.verify).exists():
ca_bundle_path = Path(self.verify)
else:
raise IOError(
"Could not find a suitable TLS CA certificate bundle, "
"invalid path: {}".format(self.verify)
)
....
In summary,
appropriate SSL certificate should be given in
the environment variable âSSL_CERT_FILEâ
the environment variable âSSL_CERT_DIRâ
the argument âverifyâ as already-configured SSLContext object
the argument âverifyâ as the SSL certificate file path (in string)
or default certificate file path of the used python package