When you make an HTTP request using the requests module, it checks the SSL certificate of the target server. If the SSL certificate is not signed by a trusted authority or if the certificate is self-signed, python will show a traceback error.

Running a request like this when "url" has a non trusted certificate...

response = requests.get(url, headers=headers)

... would return the error...

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_request
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _validate_conn
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 358, in connect
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 347, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
  File "/usr/lib/python3.7/ssl.py", line 886, in _create
  File "/usr/lib/python3.7/ssl.py", line 1150, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)

We can avoid that error by disabling certificate verification...

response = requests.get(url, headers=headers, verify=False)

... raising a InsecureRequestWarning. This warning is intended to notify you that the connection is not secure, potentially exposing you to man-in-the-middle attacks...

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
Remember that security should be a top priority, and you should only suppress certificate validation and warnings when it's absolutely necessary for your specific use case. Always be cautious when handling insecure connections and make informed decisions to protect your application and its users.

To supress the warning, you can add this to the script so it configures the requests module not to show them:


In this blog post, we discussed how to suppress insecure requests warnings when using the Python requests module. While disabling these warnings is sometimes necessary during development and testing, it is crucial to re-enable them in production to maintain a secure connection to remote servers.