I was getting SSL verification issues on my Ubuntu 18.04 machine because I was missing a root CA cert.
Let's call the new CA cert some-cert.pem
.
I followed the first answer on this post:
cp some-cert.pem /usr/local/share/ca-certificates/some-cert.crt
sudo update-ca-certificates
The new cert should now be linked through /etc/ssl/certs
.
Doing the above is sufficient to resolve SSL verification issues with curl
but Python apps that depend on requests
and botocore
require certain environment variables to be set. There is a "standard" environment variable that doesn't always get respected.
Library/App | Variable | Notes |
---|---|---|
requests (<3.0.0) |
REQUESTS_CA_BUNDLE |
|
requests (>=3.0.0) |
REQUESTS_CA_BUNDLE or SSL_CERT_DIR |
#2899 |
botocore |
AWS_CA_BUNDLE |
Does not like directories |
Setting the environment variable looks like:
export SSL_CERT_DIR=/etc/ssl/certs