Skip to content

Instantly share code, notes, and snippets.

@href

href/README.md

Last active October 17, 2022 07:18
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save href/65abc33151a5e8b74d62f90e715fc996 to your computer and use it in GitHub Desktop.
Save href/65abc33151a5e8b74d62f90e715fc996 to your computer and use it in GitHub Desktop.
Download ZIP
Self-signed certificates support for macOS keychain with any CPython
Raw
README.md

When trying to connect to an endpoint with a certificate of a custom certificate authority, stored in the macOS keychain, Python generally raises errors like SSL: CERTIFICATE_VERIFY_FAILED.

They can be avoided by exporting the certs locally, and pointing modules like urllib2 or requests to it:

security export -t certs -f pemseq -k keychain.login > ~/keychain.pem
security export -t certs -f pemseq -k /Library/Keychains/System.keychain >> ~/keychain.pem
security export -t certs -f pemseq -k /System/Library/Keychains/SystemRootCertificates.keychain >> ~/keychain.pem

export REQUESTS_CA_BUNDLE="$HOME/keychain.pem"
export SSL_CERT_FILE="$HOME/keychain.pem"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment