mdutkin · March 11, 2025 20:26
diff --git a/gistfile1.txt b/gistfile1.txt
 # in case you have problems accessing servers over https using libraries like
 # requests due to the failed certificate validation and you're 100% sure that
 # those certs work for the rest of your software, you need to combine whatever
 # you have in your Keychain and tell your python where to look for this bundled
 # file. tested on the pyenv environment.

 # export system root certs
 security export -t certs -f pemseq -k /System/Library/Keychains/SystemRootCertificates.keychain -o bundleCA.pem

 # export self-signed certs
 security export -t certs -f pemseq -k /Library/Keychains/System.keychain -o selfSignedCAbundle.pem

 # make one fat cert
 cat bundleCA.pem selfSignedCAbundle.pem >> allCAbundle.pem

 # now you should be able to export several env variables and be good
 CERT_PATH=$(pwd)/allCAbundle.pem

 export REQUESTS_CA_BUNDLE=${CERT_PATH}
 export SSL_CERT_FILE=${CERT_PATH}
	# in case you have problems accessing servers over https using libraries like
	# requests due to the failed certificate validation and you're 100% sure that
	# those certs work for the rest of your software, you need to combine whatever
	# you have in your Keychain and tell your python where to look for this bundled
	# file. tested on the pyenv environment.

	# export system root certs
	security export -t certs -f pemseq -k /System/Library/Keychains/SystemRootCertificates.keychain -o bundleCA.pem

	# export self-signed certs
	security export -t certs -f pemseq -k /Library/Keychains/System.keychain -o selfSignedCAbundle.pem

	# make one fat cert
	cat bundleCA.pem selfSignedCAbundle.pem >> allCAbundle.pem

	# now you should be able to export several env variables and be good
	CERT_PATH=$(pwd)/allCAbundle.pem

	export REQUESTS_CA_BUNDLE=${CERT_PATH}
	export SSL_CERT_FILE=${CERT_PATH}