
Custom SSL certificates

When using the quilt3 API or CLI with a client-to-site VPN you may need to trust a custom certificate in Python.

Mac OS X

  1. Direct your browser to an HTTPS website that uses a custom certificate.
  2. Click the lock icon in the address bar.
  3. Click View certificates and copy the certificate name to a safe place.
  4. Open Keychain Access and select System Keychains > System Roots.
  5. Click the Certificates tab.
  6. Find the certificate that you noted above.
  7. Click File > Export Items... to export the root certificate.
  8. Convert the exported certificate in Terminal as follows:
    openssl x509 -inform der -in /path/to/your/certificate.cer -out /path/to/converted/certificate.crt
  9. Export the following variable. You may wish to do this in a startup file for repeatability.
    export REQUESTS_CA_BUNDLE=/path/to/converted/certificate.crt

Linux

  1. Export the following variable. You may wish to do this in a startup file for repeatability.
    export REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt

The single-file version of your CA certificate may be found in different locations depending upon your operating system.

Windows

  1. Direct your browser to an HTTPS website that uses a custom certificate.
  2. Click the lock icon in the address bar.
  3. Click View certificates and copy the certificate name to a safe place.
  4. Open the Command Prompt («Win + R») and type certmgr to open your Windows Certificate Manager.
  5. Find the certificate that you noted above.
    (Figure: MITM certificate)
  6. Export the certificate in Base-64 encoded X.509 (.CER) to your file system (\Path\To\mycert.cer).
  7. Convert the exported certificate in the Command Prompt as follows (assumes OpenSSL is installed):
    • Certificate in DER encoding:
    openssl x509 -inform der -in \Path\To\mycert.cer -out \Path\To\Converted\mycert.crt
    • Certificate in PEM encoding (no conversion necessary):
    openssl x509 -in \Path\To\mycert.cer -out \Path\To\Converted\mycert.crt
  8. Export the following variable. You may wish to do this in a startup file for repeatability.
    set REQUESTS_CA_BUNDLE=\Path\To\Converted\mycert.crt

Verification

quilt3 should no longer fail with SSL errors related to the custom certificate.
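
A preflight check for the variable set in the steps above, as an added example that is not part of quilt3 or its documentation. It catches a missing file, a certificate that was exported as DER but never converted, and PEM that OpenSSL cannot parse. `check_ca_bundle` is a hypothetical helper name.

```python
import os
import ssl
import sys

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def check_ca_bundle(path):
    """Return (ok, message) for the file REQUESTS_CA_BUNDLE points at."""
    if not path:
        return False, "REQUESTS_CA_BUNDLE is not set"
    if not os.path.isfile(path):
        return False, f"no such file: {path}"
    with open(path, "rb") as fh:
        data = fh.read()
    if PEM_MARKER not in data:
        # A DER certificate is binary and begins with an ASN.1 SEQUENCE tag (0x30).
        if data[:1] == b"\x30":
            return False, "file looks DER-encoded; run the openssl x509 -inform der conversion step"
        return False, "file contains no PEM certificate"
    # Load the file into a client-side trust store; OpenSSL rejects malformed PEM here.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, f"OpenSSL could not load the bundle: {exc}"
    count = ctx.cert_store_stats()["x509"]
    return True, f"loaded {count} certificate(s) from {path}"


if __name__ == "__main__":
    ok, message = check_ca_bundle(os.environ.get("REQUESTS_CA_BUNDLE"))
    print(("OK: " if ok else "FAIL: ") + message)
    sys.exit(0 if ok else 1)
```

When REQUESTS_CA_BUNDLE is set, the requests library verifies against that file instead of its default bundle, so a count of 1 means only chains ending at that one certificate will validate.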
