PYTHON - Determine CA cert file in use
De PedroWiki
Introduction
In some cases (let's say when there's some deep inspection on your firewalls, and you use an internal PKI cert to re cypher flows) any SSL access made through Python application may fail with such errors:
root@mymachine:~# ansible-galaxy collection init usage: ansible-galaxy collection init [-h] [-s API_SERVER] [--api-key API_KEY] [-c] [-v] [-f] [--init-path INIT_PATH] [--collection-skeleton COLLECTION_SKELETON] collection_name ansible-galaxy collection init: error: the following arguments are required: collection_name root@mymachine:~# ansible-galaxy collection install azure.azcollection Process install dependency map ERROR! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)>
How to check with CA file is in use?
Open a Python console:
root@man-jpe:~# python3 Python 3.8.10 (default, Nov 14 2022, 12:59:47) [GCC 9.4.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>>
Import certifi and request the file in use:
>>> import certifi >>> certifi.where() '/etc/ssl/certs/ca-certificates.crt'