Custom SSL certificates
When using the quilt3 API or CLI with a client-to-site VPN you may need to trust a custom certificate in Python.

macOS
- 1. Direct your browser to an HTTPS website that uses a custom certificate.
- 2. Click the lock icon in the address bar.
- 3. Click View certificates and copy the certificate name to a safe place.
- 4. Open Keychain Access and select System Keychains > System Roots.
- 5. Click the Certificates tab.
- 6. Find the certificate that you noted above.
- 7. Click File > Export Items... to export the root certificate.
- 8. Convert the exported certificate in Terminal as follows:
    openssl x509 -inform der -in /path/to/your/certificate.cer -out /path/to/converted/certificate.crt
- 9. Export the following variable. You may wish to do this in a startup file for repeatability.
    export REQUESTS_CA_BUNDLE=/path/to/converted/certificate.crt

Linux
- 1. Export the following variable. You may wish to do this in a startup file for repeatability.
    export REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
The single-file version of your CA certificate may be found in different locations depending upon your operating system.

Windows
- 1. Direct your browser to an HTTPS website that uses a custom certificate.
- 2. Click the lock icon in the address bar.
- 3. Click View certificates and copy the certificate name to a safe place.
- 4. Open the Command Prompt («Win + R») and type certmgr to open your Windows Certificate Manager.
- 5. Find the certificate that you noted above.
- 6. Export the certificate in Base-64 encoded X.509 (.CER) to your file system (\Path\To\mycert.cer).
- 7. Convert the exported certificate in the Command Prompt as follows (assumes OpenSSL is installed):
  - Certificate in der encoding:
      openssl x509 -inform der -in \Path\To\mycert.cer -out \Path\To\Converted\mycert.crt
  - Certificate in pem encoding (no conversion necessary):
      openssl x509 -in \Path\To\mycert.cer -out \Path\To\Converted\mycert.crt
- 8. Export the following variable. You may wish to do this in a startup file for repeatability.
    set REQUESTS_CA_BUNDLE=\Path\To\Converted\mycert.crt

quilt3 should no longer fail with SSL errors related to the custom certificate.
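
The der/pem conversion step above can also be checked from Python before REQUESTS_CA_BUNDLE points at the result. This is an added example, not part of the Quilt documentation or the quilt3 code base; the function names are illustrative and the paths are passed on the command line.

```python
import ssl
import sys
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def detect_encoding(data: bytes) -> str:
    """Classify an exported certificate file as 'pem', 'der' or 'unknown'."""
    if data.lstrip().startswith(PEM_HEADER):
        return "pem"
    if data[:1] == b"\x30":  # DER starts with an ASN.1 SEQUENCE tag
        return "der"
    return "unknown"

def to_pem(data: bytes) -> str:
    """Return PEM text; DER input is re-wrapped like `openssl x509 -inform der`."""
    kind = detect_encoding(data)
    if kind == "pem":
        return data.decode("ascii")
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data)
    raise ValueError("file is neither a PEM nor a DER certificate")

def loaded_ca_count(pem_text: str) -> int:
    """Load the text the way Python loads a CA bundle; 0 means nothing usable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cadata=pem_text)
    except (ssl.SSLError, ValueError):
        return 0
    # get_ca_certs() lists only certificates OpenSSL treats as CAs, so an
    # exported leaf (server) certificate also yields 0 here.
    return len(ctx.get_ca_certs())

def prepare_bundle(src: str, dst: str) -> int:
    """Convert src to PEM, verify it loads, write dst; return the CA count."""
    pem_text = to_pem(Path(src).read_bytes())
    count = loaded_ca_count(pem_text)
    if count == 0:
        raise ValueError(f"{src}: no CA certificate could be loaded")
    Path(dst).write_text(pem_text, encoding="ascii")
    return count

if __name__ == "__main__" and len(sys.argv) == 3:
    n = prepare_bundle(sys.argv[1], sys.argv[2])
    print(f"{n} CA certificate(s) written; set REQUESTS_CA_BUNDLE={sys.argv[2]}")
```

Run it with the exported file and the desired output path as its two arguments; a count of 0 usually means the site's own certificate was exported instead of the root.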