python requests unable to get local issuer certificate

Python Requests Unable to Get Local Issuer Certificate

If you are working with Python requests and come across an error message that says "Unable to get local issuer certificate", it is most likely due to the SSL certificate validation process. This error occurs when the SSL certificate that is provided by the server is not verified by the client. When the client does not recognize or trust the certification authority (CA) that issued the server's SSL certificate, it cannot establish a secure connection.

Possible Solutions

  • Adding SSL Certificate to Trusted Root Certificates: One way to solve this issue is to add the SSL certificate of the server to your trusted root certificates.
  • Disabling SSL Verification: Another way to fix this issue is by disabling SSL verification, but it's not recommended as it can make your connection vulnerable to man-in-the-middle attacks.

Add SSL Certificate to Trusted Root Certificates

To add the SSL certificate of the server to your trusted root certificates, you can use the following steps:

  1. First, download the SSL certificate from the server using your web browser or command-line tool, like OpenSSL.
  2. Then, locate the Python installation directory on your system and navigate to the "Lib\site-packages\certifi\cacert.pem" file.
  3. Open this file using any text editor and copy the contents of the SSL certificate that you downloaded into this file.
  4. Save the file and close it.
  5. Now, when you run requests.get() or any other requests method, it will use this updated cacert.pem file and establish a secure connection with the server.

Disable SSL Verification

Disabling SSL verification can be done using the following code:


import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

response = requests.get('https://example.com', verify=False)

By using the verify=False parameter, you are disabling SSL verification. However, this is not recommended as it can make your connection vulnerable to man-in-the-middle attacks. Use this solution only when you are sure that the server you are connecting to is secure.