@mikehwang
Last active January 30, 2020 13:53
Walk-through on adding a new CA cert on Ubuntu and additional steps to make sure certain command-line apps work

I was getting SSL verification issues on my Ubuntu 18.04 machine because I was missing a root CA cert.

Let's call the new CA cert some-cert.pem.

I followed the first answer on this post:

sudo cp some-cert.pem /usr/local/share/ca-certificates/some-cert.crt
sudo update-ca-certificates

The new cert should now be linked through /etc/ssl/certs.

Doing the above is sufficient to resolve SSL verification issues with curl, but Python apps that depend on requests and botocore require certain environment variables to be set. There is a "standard" environment variable, but it doesn't always get respected.

| Library/App | Variable | Notes |
| --- | --- | --- |
| requests (<3.0.0) | REQUESTS_CA_BUNDLE | |
| requests (>=3.0.0) | REQUESTS_CA_BUNDLE or SSL_CERT_DIR | #2899 |
| botocore | AWS_CA_BUNDLE | Does not like directories |

Setting the environment variable looks like:

export SSL_CERT_DIR=/etc/ssl/certs
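
To confirm that each variable from the table points somewhere that really contains the new CA, the following script is an added example, not part of the original gist. The script name `check_ca_env.py`, the function names and the status strings are assumptions; it checks only that the certificate is present, not OpenSSL's hashed link names inside a directory.

```python
import os
import re
import ssl
import sys

# Variables from the table above; True = must be a file (botocore "does not like directories").
CA_VARS = {"REQUESTS_CA_BUNDLE": False, "SSL_CERT_DIR": False, "AWS_CA_BUNDLE": True}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def pem_certs(path):
    """Return the DER bytes of every PEM certificate in one file."""
    with open(path, errors="replace") as fh:
        return {ssl.PEM_cert_to_DER_cert(m) for m in PEM_RE.findall(fh.read())}

def certs_at(path):
    """Collect certificates from a bundle file, or from every file in a directory."""
    if not os.path.isdir(path):
        return pem_certs(path)
    found = set()
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            found |= pem_certs(full)
    return found

def audit(new_cert_path, env=None):
    """Map each variable to: unset, missing path, directory not allowed, cert absent, ok."""
    env = os.environ if env is None else env
    wanted = pem_certs(new_cert_path)
    report = {}
    for var, file_only in CA_VARS.items():
        path = env.get(var)
        if not path:
            report[var] = "unset"
        elif not os.path.exists(path):
            report[var] = "missing path"
        elif file_only and os.path.isdir(path):
            report[var] = "directory not allowed"
        elif wanted and wanted <= certs_at(path):
            report[var] = "ok"
        else:
            report[var] = "cert absent"
    return report

if __name__ == "__main__":
    # Usage: python3 check_ca_env.py some-cert.pem
    for var, status in audit(sys.argv[1]).items():
        print(f"{var}: {status}")
```

On Ubuntu, update-ca-certificates also writes the combined bundle /etc/ssl/certs/ca-certificates.crt, which is a single file and therefore a usable value for AWS_CA_BUNDLE.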