无法获取本地颁发者证书 mac OS

Question

Running a simple request on Python3.9 on Mac OS BigSur, I'm getting this error:

HTTPSConnectionPool(host='store.immediasys.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))

import requests
try:
    t = requests.get("https://store.immediasys.com/")
except Exception as e:
    pass

I've tried ran the Install Certificates in the Python3.9 folder and I already have certifi installed and updated. Any help with this? It happens on different websites.

Answer 1

The Read Me.rtf for Mac python binaries from python.org states the following:

This variant of Python 3.7 includes its own private copy of OpenSSL 1.1.1. The deprecated Apple-supplied OpenSSL libraries are no longer used. This means that the trust certificates in system and user keychains managed by the Keychain Access application and the security command line utility are no longer used as defaults by the Python ssl module. A sample command script is included in /Applications/Python 3.7 to install a curated bundle of default root certificates from the third-party certifi package.

I had this problem, too, and after running the script (called Install Certificates.command ), everything worked perfectly and I stopped getting the error.

Hat tip to @SamBull in the comments for pointing it out.

Answer 2

The certificate of this web-site is signed by Sectigo RSA Organization Validation Secure Server CA . Your Python installation misses this certificate. Download it from Sectigo web site and add to Python certificates.

The path to your certificates: python -m certifi Just append the downloaded certificate to that file. Please note that you might have to append this certificate to the CRT file each time you update certifi