:ID: 31274871-1e89-4fc5-8015-6c2fce728333
Summary
module to do HTTP communication.
Setting custom SSL certificate
position | ease | box | interval | due |
---|---|---|---|---|
front | 2.5 | 0 | 0 | 2021-09-29T17:07:02Z |
When using the directly
https://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification
- using verify=False
requests.get('https://requestb.in', verify=False)
- verify=path/to/ca/bundle or directory that contains CA files
requests.get('https://requestb.in', verify="path/to/ca/bundle")
- REQUESTS_CA_BUNDLE env variable
export REQUESTS_CA_BUNDLE=/path/to/ca/bundle
When requests is used by third party package or dependencies
import requests
import certifi
import sys
try:
requests.get('https://any-website-protected-by-your-custom-root-ca')
print('Certificate already added to the certifi store')
sys.exit(0)
except requests.exceptions.SSLError as err:
print('SSL Error. Adding custom certs to Certifi store...')
customca = requests.get('http://place-to-download-your-root-ca-pem.file').content
cafile = certifi.where()
with open(cafile, 'ab') as outfile:
outfile.write(b'\n')
outfile.write(customca)
try:
requests.get('https://any-website-protected-by-your-custom-root-ca-to-validate-the-certificate')
print('Successfully added certificate to the certifi store')
sys.exit(0)
except requests.exceptions.SSLError as err:
print('Failed to add certificate to the certifi store')
sys.exit(1)
SSL Certificate paths
It uses certifi for trusted CA root certificates. Certifi provides Mozilla’s carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts . It has been extracted from the Requests project.
import requests
requests.certs.where()
#or
cafile = certifi.where()
Gives the path which requests library uses to use SSL CA certificates.