18

I'm using a self-signed cert for debug purpose.

$ cp hbrls-server.cert /usr/local/share/ca-certificates/
$ update-ca-certificates

After that, I can see hbrls-server.pem in /etc/ssl/certs/. But requests still raises the SSLError.

If I specify the cert like this: requests.get('https://blabla', verify='/etc/ssl/certs/hbrls-server.pem'), it will be OK.

And python -m requests.certs returns /usr/local/lib/python2.7/dist-packages/certifi/cacert.pem.

How can I make requests to use the certs on the system. I'm working on dockerize sth, and would not like to see that verify=path-to-cert in my code.

EDIT: ubuntu 12.04, python 2.7.3, requests 2.7.0

hbrls
  • 2,110
  • 5
  • 32
  • 53
  • Which distribution are you using? On 14.04 `python -m requests.certs` returns `/etc/ssl/certs/ca-certificates.crt`. – sebix Jul 16 '15 at 09:28

1 Answers1

26

You can set the environment variable REQUESTS_CA_BUNDLE so you don't have to modify your code:

export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/hbrls-server.cert

Source: https://requests.readthedocs.io/en/master/user/advanced/#ssl-cert-verification

Guillaume Vincent
  • 13,355
  • 13
  • 76
  • 103
Marc Abramowitz
  • 3,447
  • 3
  • 24
  • 30
  • 30
    I prefer using `/etc/ssl/certs/ca-certificates.crt` which includes both certificates provided by Ubuntu distribution and certificates added by user (`/usr/local/share/ca-certificates/`). – and Aug 22 '17 at 13:46
  • @and please post this as a separate answer so I can upvote it! – chrisinmtown Dec 08 '22 at 14:48