Databricks - Error setting certificate verify locations even though file exists
I have an issue with SSL certificates that I cannot wrap my head around, and I am unsure whether it is a problem with Databricks' sometimes confusing file system or with the way curl / certificates works.
Our app uses an API to connect to a company-internal resource. To avoid the well-known "self-signed certificate in certificate chain", we provide the companies publicly-hosted .crt file with the API call. The app is in Python, but to break it down to curl commands, we use the following inside Databricks:
As you can see, this complains about certificate verify locations. However, the file definitely does exist:
On my local PC in an Ubuntu shell, the exact same command (with --cacert providing the .crt file location) works perfectly fine - so I am kind of stuck on what to do here. Can this error be triggered by something else then the file not being in the location? E.g. firewall issues? Does Databricks maybe treat the /tmp/ path in a special way? Any ideas to further debug this?
I found some related threads on stackoverflow, e.g. this one, but I already tried moving the .crt file to a different folder or executing curl as sudo, nothing worked. Happy about any suggestions or leads.
So as it turns out, this was an issue with our firewall in combination with a misleading error message of curl and a weird behavior of our certificate download script.
The key takeaway for anyone stumbling on this is that error setting certificate verify location CAN mean that the certificate was not found, but it can also mean that the certificate file is not valid - which we assumed it was, since we expected a different error message in case the certificate was found but not valid.
In our case, the certificate file was actually completely empty - our company some time in the past changed some firewall rules, accidentally blocking connection to our certificate server, and when our script attempted to re-download the certificate last month, it instead created an empty file - which, as mentioned above, raised an error message that led us to believe the file was missing instead of corrupt.
- How can I tell git to ignore SSL errors only for one specific remote host?
- How to ignore SSL certificate errors in Apache HttpComponents HttpClient 5.1
- Python - requests.exceptions.SSLError - dh key too small
- PyMongo [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
- FastAPI OAuth2 with ForgeRock: SSL Certificate Verification Issue
- SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
- nginx the "ssl" directive is deprecated, use the "listen ... ssl"
- Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
- OpenSSL: explicitly set start/end date using `openssl req`?
- Problem installing Issuer (cert-manager) inside GKE cluster tls: failed to verify certificate: x509: certificate signed by unknown authority
- Unable to enforce https for github pages with Godaddy domain
- SSL certificate rejected trying to access GitHub over HTTPS behind firewall
- SSL peer certificate or SSH remote key was not OK
- GKE Autopilot: How to add/manage SSL Certificate to GKE autopilot
- How to configure Pentaho Carte to accept HTTPS request instead of HTTP
- SSL and aiohttp: disable SSL verification do not work on python 3.12
- Is it possible to use Spring Boot SSL bundles internally, while keeping legacy configuration (e.g. javax.net.ssl.*) in application.properties?
- SSL module in Python is not available (on OSX)
- SSL certificate issue unable to get local issuer certificate
- How do fix newman error self signed certificate?
- Configuring HTTPS for Express and Nginx
- Website can't connect to backend server due to invalid SSL certs
- IS it possible to have One way and mutual ssl for same web App same time depending on URLs
- How to fix ActiveMQ Artemis connection timeouts when sslEnabled=true
- Databricks - Error setting certificate verify locations even though file exists
- how to add .crt file to keystore and trust store
- Ubuntu24.04 SSL handshake failed when use self-signed cert
- Unable to add Let's encrypt ssl certificate to domains using nginx (certbot)
- Behat stopped working SSL error fwrite() Laravel
- Cannot create developer certificate on Mac