SSL: CERTIFICATE_VERIFY_FAILED ( Windows ) (original) (raw)

November 19, 2023, 7:37pm 1

Hi,

I’m using

from smtplib import SMTP_SSL

under Linux and it work flawlessly.

But under Windows10 I get

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

Extract's of my code

context = ssl.create_default_context()
context.minimum_version = ssl.TLSVersion.TLSv1_3
context.maximum_version = ssl.TLSVersion.TLSv1_3

with SMTP_SSL("SomeSMTPServer.com", port=465, context=context) as SMTPssl:
    .....

I’ve dig a little bit around and I’ve seen this

pip install --upgrade certifi

PyPi certifi

Seem great, but I don’t see how to initialize it in my project ?

Just import certifi seem not enough…

or when doing pip install --upgrade certifi is it modifying directly the Python CA store ?

Thanks.

csm10495 (Charles Machalow) November 19, 2023, 8:09pm 2

I think you do something like this:

context = ssl.create_default_context(cafile=certifi.where())

That will have the context use certifi’s pem file.

barry-scott (Barry Scott) November 19, 2023, 10:39pm 3

Can’t python user the windows trust store?
I recall reading about a pypi package that needed to be added to do that, but I do not recall the details.

SpongeB0B (SpongeBOB) November 20, 2023, 5:18am 4

I’ve found wincertstore
but it’s weird because we can read on their PyPi page

The package is deprecated. Since Python 2.7.9 ssl.create_default_context() automatically loads certificates from Windows’ cert store.

if it’s the case, I’m wondering why people under windows face this error…

SpongeB0B (SpongeBOB) November 20, 2023, 6:31am 5

it’s working , thanks !

But of course this solution only work if the target server certificate is signed by one of those CA…

and of course it’s only a temporary solution as CA have a validity date…

petersuter (Peter Suter) November 20, 2023, 7:15am 6

Maybe related to one of these issues?

• Python doesn’t load intermediate certificates on Windows
• Python doesn’t trigger the download of the certificate bundle on Windows.

Do you know which certificate is missing? A test tool like this should show the entire required chain under “Additional Certificates (if supplied)”.

he.zong (David) June 20, 2024, 11:11am 7

It seems like you encountered an SSL certificate verification error while making an HTTP request.

This error typically occurs when the SSL certificate of the server you’re trying to connect to can’t be verified using the trusted CA certificates on your system.

we need to Ensure the CA Bundle Path is Correct.

More info here : 5 Ways to fix SSL: CERTIFICATE_VERIFY_FAILED in Python - howtouselinux

rocky22 (Rocky) December 5, 2024, 9:40pm 8

below helped for me after everything else I tried:

pip install pip-system-certs

Thanks Rocky
I’m behind a corporate firewall. After looking at 100’s of web pages with suggestions this command finally fixed the problem.