When trying to connect to an endpoint with a certificate of a custom certificate authority, stored in the macOS keychain, Python generally raises errors like SSL: CERTIFICATE_VERIFY_FAILED.
They can be avoided by exporting the certs locally, and pointing modules like urllib2 or requests to it:
security export -t certs -f pemseq -k keychain.login > ~/keychain.pem
security export -t certs -f pemseq -k /Library/Keychains/System.keychain >> ~/keychain.pem
security export -t certs -f pemseq -k /System/Library/Keychains/SystemRootCertificates.keychain >> ~/keychain.pem
export REQUESTS_CA_BUNDLE="$HOME/keychain.pem"