---
slug: "ssl-ca-certificarte-python-requests"
title: "Add SSL CA Certificate to Ubuntu and Use It with Python Requests"
description: "1. If the certificate is in DER format, convert it to PEM"
url: "https://www.ytyng.com/en/blog/ssl-ca-certificarte-python-requests"
publish_date: "2018-06-21T02:34:26Z"
created: "2018-06-21T02:34:26Z"
updated: "2026-02-27T12:37:48.089Z"
categories: ["Python"]
keywords: ""
featured_image_url: "https://media.ytyng.com/resize/20250605/1bec1d988c744eb086188b0a11d4cdb2.png.webp?width=768"
has_video: true
has_music: true
video_urls: ["https://media.ytyng.net/ytyng-blog/138/featured-video-1.mp4", "https://media.ytyng.net/ytyng-blog/138/featured-video-2.mp4", "https://media.ytyng.net/ytyng-blog/138/featured-video-3.mp4"]
music_urls: ["https://media.ytyng.net/ytyng-blog/138/featured-music-138-3.mp3", "https://media.ytyng.net/ytyng-blog/138/featured-music-138-4.mp3"]
lang: "en"
---

# Add SSL CA Certificate to Ubuntu and Use It with Python Requests

<p>1. If the certificate is in DER format, convert it to PEM</p>
<pre style="background-color: #ffffff; color: #000000; font-family: 'Menlo'; font-size: 9.0pt;">openssl x509 -in torico.der -inform DER -out torico-ca.crt -outform PEM</pre>
<p></p>
<p>2. Copy the certificate to /usr/local/share/ca-certificates/</p>
<p></p>
<p>3. Execute sudo update-ca-certificates</p>
<p>At this point, certificates will be used when using tools like curl, and certificate errors will no longer occur.</p>
<p>However, certificate errors will still occur with Python Requests.</p>
<p></p>
<p>4. An environment variable is required when using Python Requests</p>
<pre>REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt</pre>
<p></p>
<p>It is recommended to add the environment variable to /etc/environment</p>
<p></p>
<p>Incidentally, you can also specify the CA path in the verify= argument of requests</p>
<pre>import requests<br />requests.get('https://xxx', verify='/usr/local/share/ca-certificates/torico-ca.crt')</pre>
<p></p>
<p></p>
<h2>Ansible</h2>
<p>Here's how it looks when written in Ansible</p>
<pre style="background-color: #ffffff; color: #000000; font-family: 'Menlo'; font-size: 9.0pt;">- <span style="color: #000080; font-weight: bold;">hosts: </span>servers<br />  <span style="color: #000080; font-weight: bold;">gather_facts: </span>no<br />  <span style="color: #000080; font-weight: bold;">become: </span>yes<br />  <span style="color: #000080; font-weight: bold;">tasks:<br /></span><span style="color: #000080; font-weight: bold;">    </span>- <span style="color: #000080; font-weight: bold;">copy:<br /></span><span style="color: #000080; font-weight: bold;">        src: </span>torico-ca.crt<br />        <span style="color: #000080; font-weight: bold;">dest: </span><span style="color: #008000; font-weight: bold;">"/usr/local/share/ca-certificates/torico-ca.crt"<br /></span><span style="color: #008000; font-weight: bold;">        </span><span style="color: #000080; font-weight: bold;">mode: </span>0664<br /><br />    - <span style="color: #000080; font-weight: bold;">shell: </span>update-ca-certificates<br /><br />    - <span style="color: #000080; font-weight: bold;">lineinfile:<br /></span><span style="color: #000080; font-weight: bold;">        dest: </span><span style="color: #008000; font-weight: bold;">"/etc/environment"<br /></span><span style="color: #008000; font-weight: bold;">        </span><span style="color: #000080; font-weight: bold;">insertafter: </span>EOF<br />        <span style="color: #000080; font-weight: bold;">line: </span><span style="color: #008000; font-weight: bold;">"REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt"<br /></span></pre>
<p></p>
<p>Reference<br /><a href="https://stackoverflow.com/questions/42982143/python-requests-how-to-use-system-ca-certificates-debian-ubuntu" target="_blank">ssl - Python Requests - How to use system ca-certificates (debian/ubuntu)? - Stack Overflow</a><br style="box-sizing: inherit; color: #242729; font-family: Arial, 'Helvetica Neue', Helvetica, sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;" /><br /></p>