- Newest
- Most votes
- Most comments
Hello.
This may occur when special CAs or other special CAs are used in the environment where the AWS CLI is running.
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html#tshoot-certificate-verify-failed
When you use a AWS CLI command, you receive an [SSL: CERTIFICATE_ VERIFY_FAILED] certificate verify failed error message. This is caused by the AWS CLI not trusting your proxy's certificate due to factors such as your proxy's certificate being self-signed, with your company set as the Certification Authority (CA). This prevents the AWS CLI from finding your companies CA root certificate in the local CA registry.
If you just want to run the command for now, you can add "--no-verify-ssl" as an option.
aws s3 ls --no-verify-ssl
However, "--no-verify-ssl" is not recommended for security reasons and should be used as a temporary measure.
Basically, it is best to specify the CA certificate with the "--ca-bundle" option.
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-options.html
This option is not best practice. If you use --no-verify-ssl, your traffic between your client and AWS services is no longer secured. This means your traffic is a security risk and vulnerable to man-in-the-middle exploits. If you're having issues with certificates, it's best to resolve those issues instead. For certificate troubleshooting steps, see SSL certificate errors.
Relevant content
- asked a year ago
- asked 10 months ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 months ago