How to configure SSL client trusted CA certificates?

[gangyang7 at gmail.com]

Hi,



I'm using Python 3.X (3.5 on Windows 2008 and 3.4 on CentOS 6.7) and encountered an SSL client side CA certificates issue. The issue came up when a third-party package (django-cas-ng) tried to verify the CAS service ticket (ST) by calling CAS server using requests.get(...) and failed with CERTIFICATE_VERIFY_FAILED error. The CAS server is accessed by HTTPS with a self-signed server certificate. Following some suggestions on the internet, I've tried to modify django-cas-ng's code to call requests.get(..) with verify parameter, such as requests.get(..., verify=False) and requests.get(..., verify="CAS server cert"). Both workarounds worked, but I can't change third-party package code. I also tried to add the CAS server cert to the underlying OS (Windows 2008 and CentOS 6.7), but it did not help.



My question is where does SSL client code get the trusted CA certificates from, from Python or the underlying OS? What configuration do I need in order for the SSL client to conduct the SSL handshake successfully?



Appreciate any help!



Gang