Skip to main content

Automatically configures Python to use system certificates via truststore

Project description

This package automatically configures Python to use system certificates from the OS certificate store instead of the bundled certificates via the truststore library.

This allows pip and Python applications to verify TLS/SSL connections to servers whose certificates are trusted by your system.

Simply install with:

pip install pip_system_certs

and Python will automatically use your system’s certificate store for all SSL verification.

This works for pip, requests, urllib3, and any other Python library that uses the standard SSL context.

Requirements

  • Python 3.10 or higher

  • pip 24.2 or higher (upgraded automatically if needed)

Compatibility

pip-system-certs uses pip’s built-in truststore library to inject system certificate verification into Python’s SSL context. This provides native OS integration using:

  • macOS: Security framework

  • Windows: CryptoAPI

  • Linux: OpenSSL with system certificate stores

This approach leverages the same truststore technology that pip uses internally, ensuring compatibility and reliability. It automatically works with any Python library that uses SSL (requests, urllib3, httpx, etc.).

If you encounter issues, please report them at https://gitlab.com/alelec/pip-system-certs/-/issues

Known Issues

  • conda virtual environments on Linux may install a separate SSL certificate store which takes precedence over the system store, potentially preventing this package from accessing system-installed certificates.

PyInstaller

The automatic certificate configuration relies on a .pth file that Python loads at startup. This method does not work when bundling applications with PyInstaller or similar tools.

For PyInstaller applications, manually enable system certificates by adding this line early in your main script:

import pip_system_certs.wrapt_requests; pip_system_certs.wrapt_requests.inject_truststore()

This must be called before any SSL connections are made.

Architecture

This package uses a bootstrap system to automatically inject system certificate support:

  1. A .pth file triggers the bootstrap when Python starts

  2. Uses pip’s vendored truststore library (pip 24.2+) for compatibility

  3. Calls truststore.inject_into_ssl() to globally configure system certificates

  4. All subsequent SSL connections (pip, requests, etc.) use the system certificate store

Acknowledgements

This package leverages pip’s vendored truststore library by Seth Michael Larson for system certificate integration. This ensures compatibility with modern pip versions while avoiding dependency conflicts.

The bootstrap system was originally inspired by the autowrapt module.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pip_system_certs-5.2.tar.gz (5.4 kB view details)

Uploaded Source

Built Distribution

pip_system_certs-5.2-py3-none-any.whl (5.9 kB view details)

Uploaded Python 3

File details

Details for the file pip_system_certs-5.2.tar.gz.

File metadata

  • Download URL: pip_system_certs-5.2.tar.gz
  • Upload date:
  • Size: 5.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.5

File hashes

Hashes for pip_system_certs-5.2.tar.gz
Algorithm Hash digest
SHA256 80b776b5cf17191bf99d313699b7fce2fdb84eb7bbb225fd134109a82706406f
MD5 f7c607ab1a332f9ce5a1d8bb6a55683b
BLAKE2b-256 3d0ca338ae5d49192861cf54da4d5c2af0efe47edbaa0827995b284005366ca5

See more details on using hashes here.

File details

Details for the file pip_system_certs-5.2-py3-none-any.whl.

File metadata

  • Download URL: pip_system_certs-5.2-py3-none-any.whl
  • Upload date:
  • Size: 5.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.5

File hashes

Hashes for pip_system_certs-5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 e6ef3e106d4d02313e33955c2bcc4c2b143b2da07ef91e28a6805a0c1c512126
MD5 69f7a0882f9dd9b4996170b9af700ac1
BLAKE2b-256 99ce608bbe82759363d6e752dd370daf066be3be8e7ffdb79838501ed6104173

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page