17

I'm using a self-signed cert for debug purpose.

$ cp hbrls-server.cert /usr/local/share/ca-certificates/
$ update-ca-certificates

After that, I can see hbrls-server.pem in /etc/ssl/certs/. But requests still raises the SSLError.

If I specify the cert like this: requests.get('https://blabla', verify='/etc/ssl/certs/hbrls-server.pem'), it will be OK.

And python -m requests.certs returns /usr/local/lib/python2.7/dist-packages/certifi/cacert.pem.

How can I make requests to use the certs on the system. I'm working on dockerize sth, and would not like to see that verify=path-to-cert in my code.

EDIT: ubuntu 12.04, python 2.7.3, requests 2.7.0

hbrls
  • 2,010
  • 4
  • 31
  • 51
  • Which distribution are you using? On 14.04 `python -m requests.certs` returns `/etc/ssl/certs/ca-certificates.crt`. – sebix Jul 16 '15 at 09:28

1 Answers1

21

You can set the environment variable REQUESTS_CA_BUNDLE so you don't have to modify your code:

export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/hbrls-server.cert

Source: https://requests.readthedocs.io/en/master/user/advanced/#ssl-cert-verification

Guillaume Vincent
  • 11,418
  • 12
  • 70
  • 97
Marc Abramowitz
  • 3,207
  • 2
  • 22
  • 30
  • 21
    I prefer using `/etc/ssl/certs/ca-certificates.crt` which includes both certificates provided by Ubuntu distribution and certificates added by user (`/usr/local/share/ca-certificates/`). – and Aug 22 '17 at 13:46