SpongeB0B
(SpongeBOB)
1
Hi,
I’m using
from smtplib import SMTP_SSL
under Linux and it work flawlessly.
But under Windows10 I get
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
Extract's of my code
context = ssl.create_default_context()
context.minimum_version = ssl.TLSVersion.TLSv1_3
context.maximum_version = ssl.TLSVersion.TLSv1_3
with SMTP_SSL("SomeSMTPServer.com", port=465, context=context) as SMTPssl:
.....
I’ve dig a little bit around and I’ve seen this
pip install --upgrade certifi
PyPi certifi
Seem great, but I don’t see how to initialize it in my project ?
Just import certifi seem not enough…
or when doing pip install --upgrade certifi is it modifying directly the Python CA store ?
Thanks.
csm10495
(Charles Machalow)
2
I think you do something like this:
context = ssl.create_default_context(cafile=certifi.where())
That will have the context use certifi’s pem file.
1 Like
Can’t python user the windows trust store?
I recall reading about a pypi package that needed to be added to do that, but I do not recall the details.
SpongeB0B
(SpongeBOB)
4
I’ve found wincertstore
but it’s weird because we can read on their PyPi page
The package is deprecated. Since Python 2.7.9 ssl.create_default_context() automatically loads certificates from Windows’ cert store.
if it’s the case, I’m wondering why people under windows face this error…
SpongeB0B
(SpongeBOB)
5
it’s working , thanks !
But of course this solution only work if the target server certificate is signed by one of those CA…
and of course it’s only a temporary solution as CA have a validity date… 
petersuter
(Peter Suter)
6
Maybe related to one of these issues?
Do you know which certificate is missing? A test tool like this should show the entire required chain under “Additional Certificates (if supplied)”.
1 Like