Repository files navigation

Certifi provides Mozilla's carefully curated collection of Root Certificates forvalidating the trustworthiness of SSL certificates while verifying the identityof TLS hosts. It has been extracted from theRequests project.

certifi is available on PyPI. Simply install it withpip:

$ pip install certifi

To reference the installed certificate authority (CA) bundle, you can use thebuilt-in function:

>>> import certifi>>> certifi.where()'/usr/local/lib/python3.7/site-packages/certifi/cacert.pem'

Or from the command line:

$ python -m certifi/usr/local/lib/python3.7/site-packages/certifi/cacert.pem

Enjoy!

Browsers and certificate authorities have concluded that 1024-bit keys areunacceptably weak for certificates, particularly root certificates. For thisreason, Mozilla has removed any weak (i.e. 1024-bit key) certificate from itsbundle, replacing it with an equivalent strong (i.e. 2048-bit or greater key)certificate from the same CA. Because Mozilla removed these certificates fromits bundle,certifi removed them as well.

In previous versions,certifi provided thecertifi.old_where() functionto intentionally re-add the 1024-bit roots back into your bundle. This was notrecommended in production and therefore was removed at the end of 2018.

Certifi does not support any addition/removal or other modification of theCA trust store content. This project is intended to provide a reliable andhighly portable root of trust to python deployments. Look to upstream projectsfor methods to use alternate trust.