05-19-2021 04:38 AM
Hi Everyone
I would like to create internal users using Python script. I have installed 3.9.2 Python and saved the .py file and run the execution using ERS SDK guide for ISE
I got this error while run the code through command line
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)
This is my code
#!/usr/bin/env python
import http.client
import base64
import ssl
import sys
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
#parameters
name = sys.argv[4] # "chris"
first = sys.argv[5] # "Chris"
last = sys.argv[6] # "Colombus"
passwd = sys.argv[7] # "Password1"
email = sys.argv[8] # "chris@gh.com"
expiry_date = sys.argv[9] # "2021-12-30"
# host and authentication credentials
host = sys.argv[1] # "192.168.31.15"
user = sys.argv[2] # "ersad"
password = sys.argv[3] # "oFlPRrne1"
conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))
creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))
req_body_json = """ {{
"InternalUser" : {{
"name" : "{}",
"enabled" : true,
"email" : "{}",
"password" : "{}",
"firstName" : "{}",
"lastName" : "{}",
"changePassword" : true,
"expiryDateEnabled" : true,
"expiryDate" : "{}",
"enablePassword" : "{}",
"customAttributes" : {{
}},
"passwordIDStore" : "Internal Users"
}}
}}
""".format(name,email,passwd,first,last,expiry_date,passwd)
headers = {
'accept': "application/json",
'content-type': "application/json",
'authorization': " ".join(("Basic",encodedAuth)),
'cache-control': "no-cache",
}
conn.request("POST", "/ers/config/internaluser/", headers=headers, body=req_body_json)
res = conn.getresponse()
data = res.read()
print("Status: {}".format(res.status))
print("Header:\n{}".format(res.headers))
print("Body:\n{}".format(data.decode("utf-8")))
Any help would appreciated
05-19-2021 07:39 AM
You are most likely using an untrusted, self-signed certificate on your ISE node and the Python SSL library does not like that. Also you seem to be explicitly trying to use ssl.PROTOCOL_TLSv1 and perhaps your ISE node has TLS 1.0 disabled for security reasons? I don't know why you want to specifically use TLS 1.0 in your script but make sure you have enabled it:
05-19-2021 08:18 AM - edited 05-20-2021 06:25 AM
the TLS 1.0 is already enabled in the ISE node but I still get the same error as well
05-21-2021 03:20 AM
the TLS 1.0 is already enabled in the ISE node but I still get the same error as well
Any help is welcomed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide