SSL Certificate Verification Failure When Connecting to Weaviate in Kubernetes


Hi Guys, I am attempting to set up the Weaviate Python Client to communicate with a Weaviate instance hosted within a Kubernetes cluster. Despite following the available documentation and reviewing similar issues faced by others, I am unable to resolve SSL certificate verification failures.

Specifically, I am trying to run the following block of code:

os.environ['REQUESTS_CA_BUNDLE'] = "/path/to/weaviate-ca.crt"
os.environ["SSL_CERT_FILE"] = "/path/to/weaviate-tls.crt"
os.environ["GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"] = "/path/to/weaviate-grpc-tls.crt"

weaviate_client = weaviate.connect_to_custom(

But am facing the SSL error: ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1006)

If I do a curl for example, like: curl -v -L http://weaviate.xx 2>&1 | egrep "^> (Host:|GET)", I get:

> GET / HTTP/1.1
> Host: weaviate.xx
> GET / HTTP/2
> Host: weaviate.xx
> GET /v1 HTTP/2
> Host: weaviate.xx

So everything seems fine when curling, but you can see that it is doing a redirect from HTTP to HTTPS. So if I set http_port to 80 and http_secure to False, it will lead to a 308 error.

Has anyone else encountered this issue? Thanks a lot - you guys are doing an amazing job with Weaviate!

hi @coderm !

Welcome to our community! :hugs:

How are you running?

I have not played around with SSL certs directly into weaviate :grimacing:

But usually I have a reverse proxy in front, and that makes things easier.


Have you seen this thread?

Seems related:

1 Like