generating cert for use with python requests getting PEM lib error

Question

I have an application which I'm doing self-signing certificates for using the documentation here.

The application loads that keystore into a jetty config and loads properly and I get a warning of an untrusted certification when browsing to the site.

Then I want to use python to connect to it and I've tried all variations of generating a cert, pem, etc. nothing I do gets me to connect. Simply doing the following -

import requests
requests.get('https://servername:8443', cert=('path\
\to\\cert\\app.cert', '\\\\path\\to\\keystore\\keystore'))

Gives me the following traceback -

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Python27\lib\site-packages\requests\api.py", line 69, in get
    return request('get', url, params=params, **kwargs)
  File "C:\Python27\lib\site-packages\requests\api.py", line 50, in request
    response = session.request(method=method, url=url, **kwargs)
  File "C:\Python27\lib\site-packages\requests\sessions.py", line 465, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Python27\lib\site-packages\requests\sessions.py", line 573, in send
    r = adapter.send(request, **kwargs)
  File "C:\Python27\lib\site-packages\requests\adapters.py", line 431, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL] PEM lib (_ssl.c:2580)

Answer 1

cert in requests is used for client site certificates, not for the CA store. Use the verify parameter to specify the CA file, e.g.:

requests.get('https://www.example.com', verify='/etc/ssl/certs/ca-certificates.crt')