Custom SSL Certificates

When using the quilt3 API or CLI with a client-to-site VPN you may need to trust a custom certificate in Python.

Convert the exported certificate in Terminal as follows:

openssl x509 -inform der -in /path/to/your/certificate.cer -out /path/to/converted/certificate.crt

Export the following variable. You may wish to do this in a startup file for repeatability.
```
export REQUESTS_CA_BUNDLE=/path/to/converted/certificate.crt
```

Export the following variable. You may wish to do this in a startup file for repeatability.
```
export REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
```

The single-file version of your CA certificate may be found in different locations depending upon your operating system.

Direct your browser to an HTTPS website that uses a custom certificate.
Click the lock icon in the address bar.
Click View certificates and copy the certificate name to a safe place.
Open the Command Prompt («Win + R») and type certmgr to open your Windows Certificate Manager.
Find the certificate that you noted above.
MITM certificate
Export the certificate in Base-64 encoded X.509 (.CER) to your file system (\Path\To\mycert.cer).
Convert the exported certificate in the Command Prompt as follows (assumes OpenSSL is installed):
- Certificate in der encoding:
```
openssl x509 -inform der -in \Path\To\mycert.cer -out \Path\To\Converted\mycert.crt
```
- Certificate in pem encoding (no conversion necessary):
```
openssl x509 -in \Path\To\mycert.cer -out \Path\To\Converted\mycert.crt
```
Export the following variable. You may wish to do this in a startup file for repeatability.
```
set REQUESTS_CA_BUNDLE=Path\To\Converted\mycert.crt
```

quilt3 should no longer fail with SSL errors related to the custom certificate.

Last updated 2 years ago

Was this helpful?