Self-signed certificates for Jupyter URI (Support Jupyter Hub)

[willbowditch]

Environment data

• VS Code version: 1.32.1
• Extension version (available under the Extensions sidebar): 2019.2.5558
• OS and version: OS X 10.13.6
• Python version: 3.7
• Type of virtual environment used (N/A | venv | virtualenv | conda | ...): pipenv, virtualenv
• Relevant/affected Python packages and their versions: Jupyter

Jupyter

Connecting to a Jupyter server via https with a self-signed certificate fails:

Failed to connect to remote Jupyter notebook. Check that the Jupyter Server URI setting has a valid running server specified. 

TypeError: request to https://blah.blah.blah.com:8000/api/contents/?xxxxxxx failed

reason: self signed certificate

Setting:

{
"http.proxyStrictSSL": false
}

has no impact.

[IanMatthewHuff]

Hey @willbowditch Sorry about the delay here. I should be able to look into this more today or in the upcoming week. I think that I get the general gist, but would you mind specifying a little more how you are setting up your notebook server and key? OpenSSL cert and --certfile on the notebook launch?

[willbowditch]

@IanMatthewHuff nice one, thanks. Yep self signed certificate rejected. In the browser you can proceed past the warning. I didn't set the server up myself, but can find out the details if you need more info

[webartoli]

I have hit the same issue attaching to EMR cluster on AWS (with default configuration)

[esthomw]

I have encountered the same issue. Any progress on that?

I actually can obtain the certificates, yet I do not know how to pass them?

[atulkakrana]

Hi,
Any updates on this. This is a big issue.

[atulkakrana]

I could fix the "self signed certificate" error following instructions here: https://www.freecodecamp.org/news/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec/

But now I am getting the Error:

Failed to connect to remote Jupyter notebook. Check that the Jupyter Server URI setting has a valid running server specified. https://ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com:8000/ Error: Invalid response: 405 Method Not Allowed

Source: Python (Extension)

The certificate and key were generated:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mykey.key -out mycert.pem

and specified in Jupyterhub_config file.

Any help???????????????????????

[IanMatthewHuff]

Hey Everyone. Sorry about the radio silence here for a while. Currently the @jupyterlab/services that we use to connect to Jupyter servers really only support token authentication and don't support self signed certificates by default. Recently I've worked on a bit of a workaround to get passwords working for with @jupyterlab/services, and I think that I can apply the same workaround to self signed certs. Looking into that as we speak. I should know by tomorrow EOD if this fix will work as well to enable self-certs.

[IanMatthewHuff]

Since I promised an update. The workaround is looking good. As long as you trust me that this is the same server name blacked out here is the interactive window hitting a self cert server and connecting and running code. I need to so some more verification that my workaround isn't exposing any new issues, so I don't see the fix getting in today. But provided that I don't fine any blocking issues with the workaround should be early next week. My current plan is to expose some type of allow self signed certs setting that defaults to no as default but can be flipped to true.

[IanMatthewHuff]

First version of this is in now:
microsoft/vscode-python#6003

If anyone want to take a peek at our development build they can check it out and report back here:
https://github.com/microsoft/vscode-python/blob/master/CONTRIBUTING.md#development-build

The setting is Allow Unauthorized Remote Connection and you should see a warning that will allow you to automatically set it if you connect to a non-trusted machine.

[atulkakrana]

I tested the development build and I am still getting the same error. I could connect via browser by skipping the warning but VScode gives this error:

Failed to connect to remote Jupyter notebook. Check that the Jupyter Server URI setting has a valid running server specified. https://ecx-x-xx-xx-xx.us-east-2.compute.amazonaws.com:8000/ Error: Invalid response: 405 Method Not Allowed

VS Code version: Version 1.35.1 (1.35.1)
Python Extension Version: 2019.7.21668-dev

[IanMatthewHuff]

Hey @atulkakrana . This thread is specifically for the issue listed at the top by the original poster.

Failed to connect to remote Jupyter notebook. Check that the Jupyter Server URI setting has a valid running server specified.

TypeError: request to https://blah.blah.blah.com:8000/api/contents/?xxxxxxx failed

reason: self signed certificate

That's the only thing that my current fix is addressing, sorry if there was any confusion there. Your issue here you mentioned only seeing past the self-certs issue.

Failed to connect to remote Jupyter notebook. Check that the Jupyter Server URI setting has a valid running server specified. https://ecx-x-xx-xx-xx.us-east-2.compute.amazonaws.com:8000/ Error: Invalid response: 405 Method Not Allowed

I want to make sure not to lose track of that issue (and now that self certs and passwords are in I'll start looking right into it) so I've split it out into a new issue. I want to make sure that I don't lose it as I'll be closing down this thread when the self certs fix ships. The new issue to track the 405 issue I've logged here https://github.com/microsoft/vscode-python/issues/6309

[esthomw]

@IanMatthewHuff I will try this fix in development build this week hopefully