LogoLogo
HomeGitHub RepoBook Demo
dev
dev
  • About Quilt
  • Architecture
  • Mental Model
  • Metadata Management
  • Metadata Workflows
  • Quilt Platform (Catalog) User
    • About the Catalog
    • Bucket Browsing
    • Document Previews
    • Embeddable iFrames
    • Packaging Engine
    • Query
    • Quilt+ URIs
    • Qurator Omni
    • Search
    • Visualization & Dashboards
    • Advanced
      • Athena
      • Elasticsearch
      • Removing Stacks
  • Quilt Platform Administrator
    • Admin Settings UI
    • Catalog Configuration
    • Cross-Account Access
    • Enterprise Installs
    • quilt3.admin Python API
    • Advanced
      • Package Events
      • Private Endpoints
      • Restrict Access by Bucket Prefix
      • S3 Events via EventBridge
      • SSO Permissions Mapping
      • Tabulator
      • Troubleshooting
        • SSO Redirect Loop
    • Best Practices
      • GxP for Security & Compliance
      • Organizing S3 Buckets
  • Quilt Python SDK
    • Installation
    • Quick Start
    • Editing a Package
    • Uploading a Package
    • Installing a Package
    • Getting Data from a Package
    • Example: Git-like Operations
    • API Reference
      • quilt3
      • quilt3.Package
      • quilt3.Bucket
      • quilt3.hooks
      • Local Catalog
      • CLI, Environment
      • Known Limitations
      • Custom SSL Certificates
    • Advanced
      • Browsing Buckets
      • Filtering a Package
      • .quiltignore
      • Manipulating Manifests
      • Materialization
      • S3 Select
    • More
      • Changelog
      • Contributing
      • Frequently Asked Questions
      • Troubleshooting
  • Quilt Ecosystem Integrations
    • Benchling Packager
    • Event-Driven Packaging
    • Nextflow Plugin
Powered by GitBook
On this page
  • Mac OS X
  • Linux
  • Windows
  • Verification
  • References

Was this helpful?

  1. Quilt Python SDK
  2. API Reference

Custom SSL Certificates

When using the quilt3 API or CLI with a client-to-site VPN you may need to trust a custom certificate in Python.

Mac OS X

  1. Direct your browser to an HTTPS website that uses a custom certificate.

  2. Click the lock icon in the address bar.

  3. Click View certificates and copy the certificate name to a safe place.

  4. Open Keychain Access and select System Keychains > System Roots.

  5. Click the Certificates tab.

  6. Find the certificate that you noted above.

  7. Click File > Export Items... to export the root certificate.

  8. Convert the exported certificate in Terminal as follows:

    openssl x509 -inform der -in /path/to/your/certificate.cer -out /path/to/converted/certificate.crt
  9. Export the following variable. You may wish to do this in a startup file for repeatability.

    export REQUESTS_CA_BUNDLE=/path/to/converted/certificate.crt

Linux

  1. Export the following variable. You may wish to do this in a startup file for repeatability.

    export REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt

The single-file version of your CA certificate may be found in different locations depending upon your operating system.

Windows

  1. Direct your browser to an HTTPS website that uses a custom certificate.

  2. Click the lock icon in the address bar.

  3. Click View certificates and copy the certificate name to a safe place.

  4. Open the Command Prompt («Win + R») and type certmgr to open your Windows Certificate Manager.

  5. Find the certificate that you noted above.

  6. Export the certificate in Base-64 encoded X.509 (.CER) to your file system (\Path\To\mycert.cer).

  7. Convert the exported certificate in the Command Prompt as follows (assumes OpenSSL is installed):

    • Certificate in der encoding:

    openssl x509 -inform der -in \Path\To\mycert.cer -out \Path\To\Converted\mycert.crt
    • Certificate in pem encoding (no conversion necessary):

    openssl x509 -in \Path\To\mycert.cer -out \Path\To\Converted\mycert.crt
  8. Export the following variable. You may wish to do this in a startup file for repeatability.

    set REQUESTS_CA_BUNDLE=Path\To\Converted\mycert.crt

Verification

quilt3 should no longer fail with SSL errors related to the custom certificate.

References

PreviousKnown LimitationsNextAdvanced

Last updated 1 year ago

Was this helpful?

SSL certificate verification with Python Requests library
MITM certificate