 

How to make Python use CA certificates from Mac OS TrustStore?

I need to use custom root certificates on the company intranet and loading them in the Mac OS TrustStore (KeyChain) does solve the problem for all browsers and GUI apps.

It seems that it works even with the version of curl that ships with Mac OS X but it doesn't work with Python, even the version that ships with Mac OS 10.12 Sierra (Python 2.7.10).

Still, it seems that I would be hit by:

urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)> 

How can I solve this?

Because I encounter this issue in lots and lots of Python tools I would really appreciate if I find a way to avoid it without having to patch them.

Providing the custom CA certificate myself is not an option because I cannot patch tens of Python tools that I use.

Most of the tools are using the requests library but there are a few that are using the native ssl support in Python directly.

sorin asked Nov 18 '16 19:11




1 Answer

This is also a problem in Python 3.6 with MacOS Sierra. I know your use case is different. But I stumbled upon this thread while investigating this problem. So if anyone is also having this problem, this article is worth checking out:

http://www.cdotson.com/2017/01/sslerror-with-python-3-6-x-on-macos-sierra/

In a nutshell: Python 3.6 does not rely on MacOS' OpenSSL anymore. It comes with its own OpenSSL bundled and doesn't have access to MacOS' root certificates.

You have two options:

Run an install command shipped with Python 3.6

cd /Applications/Python\ 3.6/
./Install\ Certificates.command

or

Install the certifi package with

pip install certifi 

I chose the first option and it worked.

j7nn7k answered Sep 22 '22 02:09
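A diagnostic for the situation the answer describes, as an added example that is not part of the original post: it reports which CA file and directory this interpreter's bundled OpenSSL consults, whether certifi is installed, and how many CA certificates the default context actually loaded. The function names are illustrative; REQUESTS_CA_BUNDLE is the override variable read by the requests library.

```python
import os
import ssl


def ca_sources(environ=None):
    """Report where this interpreter's OpenSSL looks for trusted CA certificates."""
    environ = os.environ if environ is None else environ
    paths = ssl.get_default_verify_paths()
    # OpenSSL reads these variables (normally SSL_CERT_FILE and SSL_CERT_DIR)
    # before falling back to the locations compiled into the bundled library.
    cafile = environ.get(paths.openssl_cafile_env) or paths.openssl_cafile
    capath = environ.get(paths.openssl_capath_env) or paths.openssl_capath
    try:
        import certifi  # only present after "pip install certifi"
        certifi_bundle = certifi.where()
    except ImportError:
        certifi_bundle = None
    return {
        "cafile": cafile,
        "cafile_exists": os.path.isfile(cafile),
        "capath": capath,
        "capath_exists": os.path.isdir(capath),
        "requests_ca_bundle": environ.get("REQUESTS_CA_BUNDLE"),
        "certifi_bundle": certifi_bundle,
    }


def loaded_ca_count():
    """Count CA certificates loaded into a default context.

    Certificates in a CA directory are loaded on demand and are not counted.
    """
    return ssl.create_default_context().cert_store_stats()["x509_ca"]


if __name__ == "__main__":
    for key, value in ca_sources().items():
        print(f"{key:20} {value}")
    print(f"{'loaded_ca_count':20} {loaded_ca_count()}")
```

A CA file that does not exist together with a loaded count of 0 matches the CERTIFICATE_VERIFY_FAILED symptom in the question: the interpreter has no trust anchors of its own, whatever the Keychain contains.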