import os
import requests
import json
from dotenv import load_dotenv
import certifi
load_dotenv()
API_KEY = os.getenv(‘API_KEY’)
MODEL = os.getenv(‘MODEL’)
url = f"https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent?key={API_KEY}"
headers = {
“Content-Type”: “application/json”
}
data = {
“contents”: [{
“parts”: [{“text”: “Explain how AI works”}]
}]
}
response = requests.post(url,headers=headers,data=json.dumps(data),verify=certifi.where())
print(response.status_code)
SSLError: HTTPSConnectionPool(host=‘generativelanguage.googleapis.com’, port=443): Max retries exceeded with url: /v1beta/models/gemini-2.0-flash:generateContent? (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Basic Constraints of CA cert not marked critical (_ssl.c:1028)’)))
When you try to make a POST request to the API, the error message SSLError: HTTPSConnectionPool.certificate verify failed indicates that there is a problem with SSL certificate verification. It could be a problem with the server’s certificate itself, or it could be the result of an outdated or improperly configured certificate store on your system. The error message “Basic Constraints of CA cert not marked critical” typically indicates that the SSL library’s expectations for a trusted connection and the certificate’s properties differ. You can either update the certificate store on your system or disable SSL verification (which is not recommended for production use) to resolve this. Or make sure your environment has up-to-date CA certificates and is properly configured. If you are working in a restricted or isolated network environment, you may need to update your system’s certificates. You may also need to make sure your system has the necessary certificates installed.
The error [SSL_CERTIFICATE_VERIFY_FAILED] can be faced indicates a problem with verifying the authenticity of an SSL certificate during a secure connection. It is standard SSL error that users using a Python environment usually face, while making HTTPS request.
When the client’s browser affirms that the SSL certificate is valid and authentic, it establishes the connection. But, if the client cannot confirm the server’s originality through the Secure Socket Layer certificate, the certificate_verify_failed error will pop up. There are different reasons for the error to be occur such as when the system cannot trust the certificate, often due to missing or outdated root certificates, etc.
You also need to understand for resolving the error and get the proper solution to the error.
The SSL: CERTIFICATE_VERIFY_FAILED error typically happens because Python cannot verify the SSL certificate of the server you’re connecting to. This usually points to an issue with the certificate chain or your local trusted CA certificates being outdated or misconfigured.
The error message about “Basic Constraints of CA cert not marked critical” means your SSL library’s expectations don’t quite match the certificate’s settings. To resolve this, you can try these steps:
-
Ensure your system’s CA certificates are up to date. On many systems, this involves updating the CA bundle package.
-
Use the
certifipackage to provide a reliable set of CA certificates for Python, which you seem to be doing already. Make sure it’s the latest version. -
Avoid disabling SSL verification in production since this lowers security, but for quick testing, you can temporarily disable it.
-
If you are behind a proxy or firewall, check that it doesn’t intercept or replace certificates.
For detailed guidance and troubleshooting tips, read this resource SSL_CERTIFICATE_VERIFY_FAILED Error
I hope this helps you get past the SSL certificate verification issue!