Does the SSL certificate for Tick History have an impact on authentication as well?

A Secure Sockets Layer (SSL) certificate is used to secure the DataScope Select and Tick History web site and API endpoints accessed via the Internet and private network connections (DDN/FCN).

When the client certificate expired, they did not receive any error for the Authentication Token Request. However, while extracting the data they received the error.
Does authentication work without SSL certificate renewal, or is this something to do with AWS direct download?

import requests

# USERNAME and PASSWORD are the DSS credentials, defined elsewhere.
requestUrl = "https://selectapi.datascope.refinitiv.com/RestApi/v1/Authentication/RequestToken"
requestHeaders = {
    "Prefer": "respond-async",
    "Content-Type": "application/json"
}
requestBody = {
    "Credentials": {
        "Username": USERNAME,
        "Password": PASSWORD
    }
}
authenticationResp = requests.post(requestUrl, json=requestBody, headers=requestHeaders)
print("Received the response for authentication request")

# token comes from the authentication response and jobId from the extraction
# request; neither step is shown in the post.
DownloadFromAWS = True
requestUrl = "https://selectapi.datascope.refinitiv.com/RestApi/v1/Extractions/RawExtractionResults" + "('" + jobId + "')" + "/$value"
requestHeaders = {
    "Prefer": "respond-async",
    "Content-Type": "text/plain",
    "Accept-Encoding": "gzip",
    "Authorization": "token " + token
}
if DownloadFromAWS:
    # Ask DSS to redirect the download to AWS instead of serving the file itself
    requestHeaders.update({"X-Direct-Download": "true"})
dataRetrieveResp = requests.get(requestUrl, headers=requestHeaders, stream=True)
print("Received the response for retrieving data using the jobId")

SSLCertVerificationError                  Traceback (most recent call last)
File d:\Research\Regime\.venv\lib\site-packages\urllib3\connectionpool.py:700, in HTTPConnectionPool.urlopen(self, method, url, body, headers, retries, redirect, assert_same_host, timeout, pool_timeout, release_conn, chunked, body_pos, **response_kw)
699 if is_new_proxy_conn and http_tunnel_required:
--> 700 self._prepare_proxy(conn)
702 # Make the request on the httplib connection object.

Best Answer

  • Gurpreet
    Answer ✓

    As pointed out earlier, either there is a problem with your network stack, i.e. a firewall re-signing the traffic, or your Python instance might be old and its certificates no longer supported. To verify the network issue, use

    verify=False 

    as a parameter in your requests GET/POST call. Important - this is a temporary test and should not be used in a production application due to the security risk.

    If it does indeed turn out to be the certificate error, then please update your Python instance to the latest version, maybe reinstalling Python 3 with newer packages. Also see this discussion about the certificate errors.

Answers

  • Hi @Vinod A,

    It's not clear what you are describing.

    The Tick History endpoint is signed by the Comodo Certificate Authority, which is one of the built-in CAs within Python's trust store. There should be no need for any additional client certificates, and the Python requests module can connect and get data from DSS/TickHistory without any issues.

    If your application is connecting through a secure network proxy, which is re-signing the network traffic, and if that certificate has changed or expired -- you will have to update it in your application accordingly.

  • The following is the error when we try to download data from AWS. It seems the host is in the amazonaws.com domain; somehow the DSS server points to the amazonaws host and then somehow transmits certification information to the AWS server.

    However, we consider that for some reason that part is not done correctly, resulting in a certification error for AWS. Please let us know the mechanism of how certification information is transmitted from DSS to the AWS host.



    SSLError: HTTPSConnectionPool(host='a205143-use1-prod-results-custom.s3.amazonaws.com', port=443): Max retries exceeded with url: /85B662A7AB7F4420AC16E45CCA79D819/data/merged/merged-Data.csv.gz?AWSAccessKeyId=AKIAJNJ6M4OJR7K3TWNA&Expires=1705056160&response-content-disposition=attachment%3B%20filename%3D_OnD_0x08c6d809ed09734d.csv.gz&Signature=o1VNzwmqzknzYIckmZbX83Qa8ag%3D (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)')))
  • @Zuka

    When X-Direct-Download is set to True, the server will return the 303 Found to the application.

    Then, the application will redirect to the new URL (AWS) in the Location header.

    According to the error, the AWS URL may be blocked by a firewall or network security software.

  • Thanks a lot.
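
Added example, not part of the thread or of Refinitiv's code: the two-hop direct download described in the answers, followed by hand so that each TLS handshake is verified against a CA bundle (the alternative to `verify=False`) and a failure names the hop it occurred on. The names `direct_download`, `_get` and `ca_bundle`, and the `.amazonaws.com` check (taken from the host in the error above), are assumptions.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}


def _get(session, hop, url, headers, ca_bundle):
    """One GET with redirects off, verified against ca_bundle; names the failing hop."""
    try:
        return session.get(url, headers=headers, stream=True,
                           allow_redirects=False, verify=ca_bundle)
    except OSError as exc:  # requests' exceptions, SSLError included, derive from OSError
        host = urlsplit(url).hostname
        raise RuntimeError(f"{hop} hop to {host} failed: {exc}") from exc


def direct_download(session, results_url, token, ca_bundle):
    """Fetch extraction results with X-Direct-Download, verifying TLS on both hops.

    session   -- a requests.Session (anything with a compatible .get works)
    ca_bundle -- path to a PEM file of trusted roots; behind a TLS-inspecting
                 proxy it must also hold that proxy's root CA (assumption: the
                 network team supplies this certificate)
    """
    api_headers = {
        "Prefer": "respond-async",
        "Content-Type": "text/plain",
        "Accept-Encoding": "gzip",
        "Authorization": "token " + token,
        "X-Direct-Download": "true",
    }
    first = _get(session, "DSS", results_url, api_headers, ca_bundle)
    if first.status_code not in REDIRECTS:
        return first  # DSS served the response itself, so there is no AWS hop

    target = first.headers["Location"]
    parts = urlsplit(target)
    # Assumption: results are served from an amazonaws.com host, as in the error above.
    if parts.scheme != "https" or not (parts.hostname or "").endswith(".amazonaws.com"):
        raise RuntimeError(f"unexpected redirect target: {parts.hostname}")

    # The redirect URL is pre-signed, so the DSS token is not sent to the AWS host.
    return _get(session, "AWS", target, {}, ca_bundle)
```

A `RuntimeError` naming the AWS hop while the DSS hop succeeds matches the situation in the question: the token request works and only the download fails.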