Add SSL CA Certificate to Ubuntu and Use It with Python Requests

Python
2018-06-21 02:34 (7 years ago)

1. If the certificate is in DER format, convert it to PEM

openssl x509 -in torico.der -inform DER -out torico-ca.crt -outform PEM

2. Copy the certificate to /usr/local/share/ca-certificates/

3. Run sudo update-ca-certificates

At this point, tools like curl trust the certificate, and certificate errors no longer occur.

However, Python Requests still raises certificate errors, because it verifies against the CA bundle shipped with the certifi package rather than the system store.

4. Set an environment variable so that Python Requests uses the system bundle

REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

Adding the variable to /etc/environment is recommended, so that it is set for every login session.

Incidentally, you can also pass the CA path directly in the verify= argument of requests:

import requests
requests.get('https://xxx', verify='/usr/local/share/ca-certificates/torico-ca.crt')
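
A check for the situation described above, where curl succeeds but Requests still fails: it reports which bundle Requests will read and whether the installed CA is actually in it, comparing certificates by the SHA-256 of their DER bytes so that differences in PEM line wrapping do not matter. This is an added example, not code from the original article; the function names are hypothetical and the sample certificates are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import os
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def effective_bundle(environ=os.environ, default="<certifi default>"):
    """Bundle Requests verifies against when verify= is not passed."""
    # Requests checks REQUESTS_CA_BUNDLE, then CURL_CA_BUNDLE, then certifi.
    return (environ.get("REQUESTS_CA_BUNDLE")
            or environ.get("CURL_CA_BUNDLE")
            or default)

def fingerprints(pem_text):
    """SHA-256 of the DER bytes of every certificate in a PEM string."""
    found = set()
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        found.add(hashlib.sha256(der).hexdigest())
    return found

def ca_in_bundle(ca_pem, bundle_pem):
    """True if every certificate in ca_pem is also present in bundle_pem."""
    wanted = fingerprints(ca_pem)
    return bool(wanted) and wanted <= fingerprints(bundle_pem)

def check(ca_path, environ=os.environ):
    """Compare an installed CA file with the bundle Requests will read."""
    bundle = effective_bundle(environ)
    if not os.path.isfile(bundle):
        return bundle, False  # variable unset, or it points at a missing file
    with open(ca_path) as ca, open(bundle) as b:
        return bundle, ca_in_bundle(ca.read(), b.read())

# Constructed sample data: placeholder bytes wrapped as PEM, not real certificates.
def make_pem(raw, width=64):
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

SAMPLE_CA = make_pem(b"constructed-internal-ca" * 8)
SAMPLE_BUNDLE = (make_pem(b"constructed-public-root" * 8)
                 + make_pem(b"constructed-internal-ca" * 8, width=76))

if __name__ == "__main__":
    print(effective_bundle(), ca_in_bundle(SAMPLE_CA, SAMPLE_BUNDLE))
```

On a real host, check("/usr/local/share/ca-certificates/torico-ca.crt") returns the bundle path taken from the environment and whether the CA from step 2 is in it.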

Ansible

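The same procedure written as an Ansible playbook:

- hosts: servers
  gather_facts: no
  become: yes
  tasks:
    # Install the CA where update-ca-certificates looks for local additions
    - copy:
        src: torico-ca.crt
        dest: "/usr/local/share/ca-certificates/torico-ca.crt"
        mode: 0664

    # Rebuild the system bundle /etc/ssl/certs/ca-certificates.crt
    - shell: update-ca-certificates

    # Point Python Requests at the system bundle
    - lineinfile:
        dest: "/etc/environment"
        insertafter: EOF
        line: "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt"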

Reference
ssl - Python Requests - How to use system ca-certificates (debian/ubuntu)? - Stack Overflow

The author runs the application development company Cyberneura.