SSLError certificate verify failed when testing the Swish API

Question

I am trying to send a test request to the Swedish micro payment system Swish.

When running the code below, I get the error "SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"

My OpenSSl version is 1.1.1j which means it supports TLS 1.2 which Swish requires.

What do I need to change to make it work?

import json
from requests_pkcs12 import put

url = "https://mss.cpc.getswish.net/swish-cpcapi/api/v2/paymentrequests/F628384EC1744F9BB1F871EA67CB8BA5"
clientP12 = "Swish_Merchant_TestCertificate_1234679304.p12"
signingCert = "Swish_Merchant_TestSigningCertificate_1234679304.pem"

payload = {
    "payeePaymentReference": "4",
    "callbackUrl": "https://mysite/API/on_swish_payment_done/?payeePaymentReference=4",
    "payerAlias": "0701234567",
    "payeeAlias": "1234679304",
    "amount": "100.00",
    "currency": "SEK"
}

headers = {'content-type': 'application/json'}

r = put(url,
        data=json.dumps(payload),
        headers=headers,
        pkcs12_filename=clientP12,
        pkcs12_password='swish',
        verify=signingCert
        )

Answer 1

I think you should use the Swish_TLS_RootCA.pem as verify. Afaik the signing certificate is only used to sign the payload for Swish Payouts