How can I debug error message about self-signed certificate?

Çağlar Arlı      -    22 Views

I'm trying to run a webapp built with Flask and Werkzeug locally. It required certificates locally, which I created myself. When I start it, it starts listening, but when I try to connect from Google Chrome it fails with the error message:

lib/python3.10/site-packages/ldap3/core/tls.py", line 289, in _start_tls
    raise start_tls_exception_factory(e)(connection.last_error)
ldap3.core.exceptions.LDAPStartTLSError: ('wrap socket error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1007)',)

The code where it fails looks as follows:

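import ssl

import ldap3

# Client certificate and key for SASL EXTERNAL, plus the CA bundle that the
# LDAP server's certificate must verify against (validate=CERT_REQUIRED).
custom_tls = ldap3.Tls(
    local_private_key_file=private_key_file_path,
    local_certificate_file=certificate_file_path,
    validate=ssl.CERT_REQUIRED,
    ca_certs_file=bundle_cerfiticate_file_path,
    version=ssl.PROTOCOL_TLS_CLIENT
)

# Plain LDAP on port 389; the connection is upgraded with StartTLS below.
conn = ldap3.Connection(
    get_ldap_server(port=389, use_ssl=False, custom_tls=custom_tls),
    lazy=False,
    raise_exceptions=True,
    authentication=ldap3.SASL,
    sasl_mechanism=ldap3.EXTERNAL,
    check_names=True,
    sasl_credentials=authz
)

conn.open()
conn.start_tls()  # the LDAPStartTLSError in the traceback is raised here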

I don't understand what I should do. The certificates are not invalid, but they are self-signed, and I'm running it locally, so I should be able to "establish trust". But I don't get any clarity about the situation: what the certificate is supposed to be, or whether I'm expected to purchase a certificate to run the webapp locally. At the moment I set the two certificates to be the same because there is no intermediate and the root CA is myself. What do you think is my problem? I could show the certificates, but they are the same and were just created with mkcert. I don't understand why the configuration must have so many steps for running Hello World locally.
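What the error text in the traceback means, as an added example that is not part of the original post: OpenSSL reports "self-signed certificate in certificate chain" (verify error 19) when the peer's chain ends in a self-signed root that is not among the trust anchors in the CA file. The script assumes the `openssl` CLI is installed; the throwaway root and leaf, their subjects and the function names are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: reproduce the verify error with throwaway certificates.
# All subjects, file names and function names are constructed for this demo.

# Create a self-signed root CA and a leaf for "localhost" signed by it.
make_constructed_pki() {
    local dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Dev Root" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=localhost" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$dir/leaf.csr" \
        -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Verify leaf.pem the way a TLS client does: the peer sends leaf + root
# (-untrusted), and only certificates in ca_file count as trust anchors.
# Prints "ok" or the OpenSSL verify error number.
verify_against() {
    local dir=$1 ca_file=$2 out
    if out=$(openssl verify -CAfile "$ca_file" \
            -untrusted "$dir/root.pem" "$dir/leaf.pem" 2>&1); then
        echo ok
    else
        # Failure line looks like: "error 19 at 1 depth lookup: ..."
        echo "$out" | sed -n 's/^error \([0-9][0-9]*\) at.*/\1/p' | head -n 1
    fi
}

demo() {
    local dir
    dir=$(mktemp -d)
    make_constructed_pki "$dir"
    # Leaf certificate used as the CA file: the root is not a trust anchor.
    echo "CA file = leaf.pem: $(verify_against "$dir" "$dir/leaf.pem")"
    # Root certificate used as the CA file: the chain verifies.
    echo "CA file = root.pem: $(verify_against "$dir" "$dir/root.pem")"
    rm -rf "$dir"
}
demo
```

The same `openssl verify` call can be pointed at real files: the certificates the peer presents in place of `leaf.pem` and `root.pem`, and the file passed as `ca_certs_file` in place of the CA file.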