Automatically configures Python to use system certificates via truststore
Project description
This package automatically configures Python to use system certificates from the OS certificate store instead of the bundled certificates via the truststore library.
This allows pip and Python applications to verify TLS/SSL connections to servers whose certificates are trusted by your system.
Simply install with:
pip install pip_system_certs
and Python will automatically use your system’s certificate store for all SSL verification.
This works for pip, requests, urllib3, and any other Python library that uses the standard SSL context.
Requirements
Python 3.10 or higher
pip 24.2 or higher (upgraded automatically if needed)
Compatibility
pip-system-certs uses pip’s built-in truststore library to inject system certificate verification into Python’s SSL context. This provides native OS integration using:
macOS: Security framework
Windows: CryptoAPI
Linux: OpenSSL with system certificate stores
This approach leverages the same truststore technology that pip uses internally, ensuring compatibility and reliability. It automatically works with any Python library that uses SSL (requests, urllib3, httpx, etc.).
If you encounter issues, please report them at https://gitlab.com/alelec/pip-system-certs/-/issues
Known Issues
conda virtual environments on Linux may install a separate SSL certificate store which takes precedence over the system store, potentially preventing this package from accessing system-installed certificates.
PyInstaller
The automatic certificate configuration relies on a .pth file that Python loads at startup. This method does not work when bundling applications with PyInstaller or similar tools.
For PyInstaller applications, manually enable system certificates by adding this line early in your main script:
import pip_system_certs.wrapt_requests; pip_system_certs.wrapt_requests.inject_truststore()
This must be called before any SSL connections are made.
Architecture
This package uses a bootstrap system to automatically inject system certificate support:
A .pth file triggers the bootstrap when Python starts
Uses pip’s vendored truststore library (pip 24.2+) for compatibility
Calls truststore.inject_into_ssl() to globally configure system certificates
All subsequent SSL connections (pip, requests, etc.) use the system certificate store
Acknowledgements
This package leverages pip’s vendored truststore library by Seth Michael Larson for system certificate integration. This ensures compatibility with modern pip versions while avoiding dependency conflicts.
The bootstrap system was originally inspired by the autowrapt module.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pip_system_certs-5.2.tar.gz.
File metadata
- Download URL: pip_system_certs-5.2.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
80b776b5cf17191bf99d313699b7fce2fdb84eb7bbb225fd134109a82706406f
|
|
| MD5 |
f7c607ab1a332f9ce5a1d8bb6a55683b
|
|
| BLAKE2b-256 |
3d0ca338ae5d49192861cf54da4d5c2af0efe47edbaa0827995b284005366ca5
|
File details
Details for the file pip_system_certs-5.2-py3-none-any.whl.
File metadata
- Download URL: pip_system_certs-5.2-py3-none-any.whl
- Upload date:
- Size: 5.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e6ef3e106d4d02313e33955c2bcc4c2b143b2da07ef91e28a6805a0c1c512126
|
|
| MD5 |
69f7a0882f9dd9b4996170b9af700ac1
|
|
| BLAKE2b-256 |
99ce608bbe82759363d6e752dd370daf066be3be8e7ffdb79838501ed6104173
|
