I’m using

from smtplib import SMTP_SSL

under Linux and it work flawlessly.

But under Windows10 I get

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

Extract's of my code
context = ssl.create_default_context()
context.minimum_version = ssl.TLSVersion.TLSv1_3
context.maximum_version = ssl.TLSVersion.TLSv1_3

with SMTP_SSL("", port=465, context=context) as SMTPssl:

I’ve dig a little bit around and I’ve seen this

pip install --upgrade certifi

PyPi certifi

Seem great, but I don’t see how to initialize it in my project ?

Just import certifi seem not enough…

or when doing pip install --upgrade certifi is it modifying directly the Python CA store ?


I think you do something like this:

context = ssl.create_default_context(cafile=certifi.where())

That will have the context use certifi’s pem file.

1 Like

Can’t python user the windows trust store?
I recall reading about a pypi package that needed to be added to do that, but I do not recall the details.

I’ve found wincertstore
but it’s weird because we can read on their PyPi page

The package is deprecated. Since Python 2.7.9 ssl.create_default_context() automatically loads certificates from Windows’ cert store.

if it’s the case, I’m wondering why people under windows face this error…

it’s working , thanks !

But of course this solution only work if the target server certificate is signed by one of those CA…

and of course it’s only a temporary solution as CA have a validity date… :confused:

Maybe related to one of these issues?

Do you know which certificate is missing? A test tool like this should show the entire required chain under “Additional Certificates (if supplied)”.

1 Like