- Newest
- Most votes
- Most comments
Hi,
I understand that you're trying to configure AWS CLI to use AWS Single Sign-On. But, you are receiving the CERTIFICATE_ VERIFY_FAILED error message while doing so.
Please note that the cause for this issue is addressed in the following documentation:
- Troubleshooting AWS CLI errors - I get a "[SSL: CERTIFICATE_ VERIFY_FAILED] certificate verify failed" error. - https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html#tshoot-certificate-verify-failed
When you use an AWS CLI command, you receive a "[SSL: CERTIFICATE_ VERIFY_FAILED] certificate verify failed" error message. This is caused by the AWS CLI not trusting your proxy's certificate due to factors such as your proxy's certificate being self-signed, with your company set as the Certification Authority (CA) (in case this is the configuration on your end). This prevents the AWS CLI from finding your companies CA root certificate in the local CA registry.
To fix this, instruct the AWS CLI where to find your companies .pem file using the ca_bundle configuration file setting, --ca-bundle command line option, or the AWS_CA_Bundle environment variable.
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-config-ca_bundle
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-options.html#cli-configure-options-ca-bundle
If you're using an older version of CLI, I'd also recommend updating to a newer version and testing.
- [] What is the AWS Command Line Interface? - About AWS CLI version 2 - https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html#welcome-versions-v2
The AWS CLI version 2 is the most recent major version of the AWS CLI and supports all of the latest features. Some features introduced in version 2 are not backported to version 1 and you must upgrade to access those features. There are some "breaking" changes from version 1 that might require you to change your scripts. For a list of breaking changes in version 2, see 'Breaking changes – Migrating from AWS CLI version 1 to version 2' documentation below.
- [] Breaking changes – Migrating from AWS CLI version 1 to version 2 - https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration.html
If you did want to install the latest of AWS CLI version 2, please follow the guide below:
- [] Installing or updating the latest version of the AWS CLI - https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Please let us know if you run into any further issues or questions and we'll be glad to assist!
Hi. As per https://github.com/aws/aws-cli/issues/7602 this seems to be an issue affecting "aws sso", where neither --ca-bundle nor --no-verify-ssl work. Is there any plan on when can this be fixed? Thanks
Relevant content
- asked 8 months ago
- asked 2 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 23 days ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 9 months ago
I tried with aws configure sso --ca-bundle C:\rootCAs.pem but it gives me same error.
SSL validation failed for https://portal.sso.eu-west-1.amazonaws.com/assignment/accounts [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)
aws --version aws-cli/2.4.9 Python/3.8.8 Windows/10 exe/AMD64 prompt/off