{"id":1856,"library":"pip-system-certs","title":"pip-system-certs","description":"pip-system-certs automatically configures Python to use system certificates via the `truststore` library. It primarily achieves this by monkey-patching `urllib3`, allowing `pip` and other applications utilizing `urllib3` (like `requests`) to respect OS-provided certificate bundles. It is currently at version 5.3 and typically sees several releases per year, often in conjunction with updates to `pip` or its underlying `truststore` dependency.","status":"active","version":"5.3","language":"en","source_language":"en","source_url":"https://github.com/pypa/pip-system-certs","tags":["security","certificates","tls","networking","pip","truststore","ssl"],"install":[{"cmd":"pip install pip-system-certs","lang":"bash","label":"Install into Python environment"}],"dependencies":[{"reason":"Provides the core functionality for accessing and managing system certificate stores.","package":"truststore","optional":false}],"imports":[{"note":"The `pip-system-certs` library's primary function is to activate automatically upon installation and Python environment load; it does not typically expose public functions or classes for direct invocation. Importing the module primarily serves to ensure it's loaded, though its effect is side-effectual and generally does not require explicit calls.","wrong":"pip_system_certs.enable_system_certs()","symbol":"pip_system_certs","correct":"import pip_system_certs"}],"quickstart":{"code":"# IMPORTANT: Before running this code, install pip-system-certs and requests:\n# python -m pip install pip-system-certs requests\n\nimport requests\nimport sys\n\nprint(f\"Python version: {sys.version.splitlines()[0]}\")\nprint(\"Attempting to fetch https://pypi.org to verify system certificate usage...\")\n\ntry:\n    # requests uses urllib3, which pip-system-certs patches to use system certificates.\n    response = requests.get(\"https://pypi.org\", timeout=10)\n    response.raise_for_status() # Raise an exception for HTTP errors (4xx or 5xx)\n\n    print(f\"Successfully connected to pypi.org! Status: {response.status_code}\")\n    print(\"This indicates that pip-system-certs (via truststore) is likely active, enabling requests to use your system's trusted certificates.\")\n\nexcept requests.exceptions.SSLError as e:\n    print(f\"SSL Error encountered: {e}\")\n    print(\"This suggests pip-system-certs might not be correctly configured, system certificates are invalid, or it's not active.\")\nexcept requests.exceptions.RequestException as e:\n    print(f\"A general request error occurred: {e}\")\n    print(\"Please check your network connection and confirm pip-system-certs is installed.\")","lang":"python","description":"Install `pip-system-certs` into your Python environment. Once installed, it automatically configures `urllib3` (and libraries depending on it, like `requests`) to use system certificates. The quickstart code demonstrates this by making an `https` request to a public website, which should succeed if system certificates are correctly utilized."},"warnings":[{"fix":"Ensure `PIP_CERT` is unset and no `cert` option is configured in `pip.conf` if you intend for pip-system-certs to manage certificates. If custom certificates are needed, manage them manually or through environment configurations.","message":"pip-system-certs will not override existing certificate configurations set via `PIP_CERT` environment variable or the `cert` option in `pip.conf`. It's intended for environments not already using a custom certificate bundle.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Upgrade your Python environment to version 3.10 or newer to use `pip-system-certs`.","message":"Requires Python 3.10 or higher. The underlying `truststore` library leverages features specific to modern Python versions, making `pip-system-certs` incompatible with older Python runtimes.","severity":"breaking","affected_versions":"<5.0 (implicit, as earlier versions might have different truststore requirements), but 5.x explicitly requires >=3.10"},{"fix":"Be aware of potential conflicts if other packages in your environment perform deep `urllib3` modifications. Test thoroughly when integrating with complex network stack setups. In case of issues, temporarily uninstall `pip-system-certs` to isolate the problem.","message":"The library works by monkey-patching `urllib3`. This approach can potentially conflict with other libraries or custom code that also modifies `urllib3`'s internal behavior.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}