:ID: 31274871-1e89-4fc5-8015-6c2fce728333

Summary

module to do HTTP communication.

Setting custom SSL certificate

position ease box interval due
front 2.5 0 0 2021-09-29T17:07:02Z

When using the directly

https://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification

  1. using verify=False
requests.get('https://requestb.in', verify=False)
  1. verify=path/to/ca/bundle or directory that contains CA files
requests.get('https://requestb.in', verify="path/to/ca/bundle")
  1. REQUESTS_CA_BUNDLE env variable
export REQUESTS_CA_BUNDLE=/path/to/ca/bundle

When requests is used by third party package or dependencies

ref ref2

import requests
import certifi
import sys

try:
    requests.get('https://any-website-protected-by-your-custom-root-ca')
    print('Certificate already added to the certifi store')
    sys.exit(0)
except requests.exceptions.SSLError as err:
    print('SSL Error. Adding custom certs to Certifi store...')
    customca = requests.get('http://place-to-download-your-root-ca-pem.file').content
    cafile = certifi.where()
    with open(cafile, 'ab') as outfile:
        outfile.write(b'\n')
        outfile.write(customca)

try:
    requests.get('https://any-website-protected-by-your-custom-root-ca-to-validate-the-certificate')
    print('Successfully added certificate to the certifi store')
    sys.exit(0)
except requests.exceptions.SSLError as err:
    print('Failed to add certificate to the certifi store')
    sys.exit(1)

SSL Certificate paths

It uses certifi for trusted CA root certificates. Certifi provides Mozilla’s carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts . It has been extracted from the Requests project.

import requests
requests.certs.where()
#or
cafile = certifi.where()

Gives the path which requests library uses to use SSL CA certificates.