By using AWS re:Post, you agree to the Terms of Use
/aws configure sso issue/

aws configure sso issue

0

aws configure sso SSO start URL [None]: <MyURL> SSO Region [None]: eu-west-1

SSL validation failed for https://portal.sso.eu-west-1.amazonaws.com/assignment/accounts [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)

I get above error while configuring aws sso and not able to resolve it.

1 Answers
0

Hi,

I understand that you're trying to configure AWS CLI to use AWS Single Sign-On. But, you are receiving the CERTIFICATE_ VERIFY_FAILED error message while doing so.

Please note that the cause for this issue is addressed in the following documentation:

When you use an AWS CLI command, you receive a "[SSL: CERTIFICATE_ VERIFY_FAILED] certificate verify failed" error message. This is caused by the AWS CLI not trusting your proxy's certificate due to factors such as your proxy's certificate being self-signed, with your company set as the Certification Authority (CA) (in case this is the configuration on your end). This prevents the AWS CLI from finding your companies CA root certificate in the local CA registry.

To fix this, instruct the AWS CLI where to find your companies .pem file using the ca_bundle configuration file setting, --ca-bundle command line option, or the AWS_CA_Bundle environment variable.

If you're using an older version of CLI, I'd also recommend updating to a newer version and testing.

The AWS CLI version 2 is the most recent major version of the AWS CLI and supports all of the latest features. Some features introduced in version 2 are not backported to version 1 and you must upgrade to access those features. There are some "breaking" changes from version 1 that might require you to change your scripts. For a list of breaking changes in version 2, see 'Breaking changes – Migrating from AWS CLI version 1 to version 2' documentation below.

If you did want to install the latest of AWS CLI version 2, please follow the guide below:

Please let us know if you run into any further issues or questions and we'll be glad to assist!

SUPPORT ENGINEER
answered 5 months ago
  • I tried with aws configure sso --ca-bundle C:\rootCAs.pem but it gives me same error.

    SSL validation failed for https://portal.sso.eu-west-1.amazonaws.com/assignment/accounts [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)

    aws --version aws-cli/2.4.9 Python/3.8.8 Windows/10 exe/AMD64 prompt/off

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions