Skip to main content

Python package for providing Mozilla's CA Bundle.

Project description

Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. It has been extracted from the Requests project.

Installation

certifi is available on PyPI. Simply install it with pip:

$ pip install certifi

Usage

To reference the installed CA Bundle, you can use the built-in function:

>>> import certifi

>>> certifi.where()
'/usr/local/lib/python2.7/site-packages/certifi/cacert.pem'

Enjoy!

1024-bit Root Certificates

Browsers and certificate authorities have concluded that 1024-bit keys are unacceptably weak for certificates, particularly root certificates. For this reason, Mozilla has removed any weak (i.e. 1024-bit key) certificate from its bundle, replacing it with an equivalent strong (i.e. 2048-bit or greater key) certifiate from the same CA. Because Mozilla removed these certificates from its bundle, certifi removed them as well.

Unfortunately, old versions of OpenSSL (less than 1.0.2) sometimes fail to validate certificate chains that use the strong roots. For this reason, if you fail to validate a certificate using the certifi.where() mechanism, you can intentionally re-add the 1024-bit roots back into your bundle by calling certifi.old_where() instead. This is not recommended in production: if at all possible you should upgrade to a newer OpenSSL. However, if you have no other option, this may work for you.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certifi-2015.11.20.1.tar.gz (365.9 kB view details)

Uploaded Source

Built Distribution

certifi-2015.11.20.1-py2.py3-none-any.whl (368.8 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file certifi-2015.11.20.1.tar.gz.

File metadata

File hashes

Hashes for certifi-2015.11.20.1.tar.gz
Algorithm Hash digest
SHA256 30b0a7354a1b32caa8b4705d3f5fb2dadefac7ba4bf8af8a2176869f93e38f16
MD5 e04b512009401603f1485380ac879cf5
BLAKE2b-256 0859d39d98454a4fd2c9e0955590398bcfc4047f8e6dde00d7731cefdb32b403

See more details on using hashes here.

File details

Details for the file certifi-2015.11.20.1-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for certifi-2015.11.20.1-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 ad86683448f7483d4147a64d96856e551734e594c4563747e9fbe2368df13d3f
MD5 144eb8a498f1b98c372eebc6f9a76bc6
BLAKE2b-256 df2186903664789d010c7693523aa44cd6f96f9d60c7bc813761ff3db5fa8aad

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page