{"id":5437,"library":"python-certifi-win32","title":"Python Certifi Win32","description":"python-certifi-win32 is a Python package that patches the `certifi` module at runtime to include certificates from the Windows certificate store. This allows applications like `requests` (and tools based on it, such as `pip`) to verify TLS/SSL connections to servers whose Certificate Authorities (CAs) are trusted by the Windows operating system. The package is currently at version 1.6.1, but is generally unmaintained and has been superseded by `pip-system-certs`.","status":"maintenance","version":"1.6.1","language":"en","source_language":"en","source_url":"https://github.com/hu13/python-certifi-win32","tags":["windows","certificates","ssl","tls","certifi","security"],"install":[{"cmd":"pip install python-certifi-win32","lang":"bash","label":"Using pip"},{"cmd":"conda install -c conda-forge python-certifi-win32","lang":"bash","label":"Using Conda"}],"dependencies":[{"reason":"This package patches certifi to extend its CA bundle with Windows system certificates.","package":"certifi"},{"reason":"Often used in conjunction with this library to enable secure HTTPS connections in corporate or enterprise environments that rely on Windows' trusted CAs.","package":"requests","optional":true}],"imports":[{"note":"While the core functionality is runtime patching, direct import may be needed for specific scenarios like PyInstaller bundles to manually enable certificate handling.","symbol":"certifi_win32","correct":"import certifi_win32"}],"quickstart":{"code":"import requests\nimport sys\nimport os\n\nprint(f\"Attempting to make a secure request...\")\n\ntry:\n    # In a Windows environment with python-certifi-win32 installed,\n    # this request should implicitly use the combined CA bundle\n    # including Windows system certificates.\n    response = requests.get(\"https://www.google.com\", timeout=10)\n    response.raise_for_status()\n    print(f\"Successfully connected to Google (Status: {response.status_code})\")\n    print(\"This indicates that SSL/TLS verification worked, potentially leveraging Windows system certificates.\")\nexcept requests.exceptions.RequestException as e:\n    print(f\"Error making request: {e}\")\n    print(\"If this is on Windows and behind a corporate proxy, python-certifi-win32 aims to resolve such SSL errors by including system CAs.\")\n\n# Example of how it might be explicitly used for PyInstaller (not part of typical quickstart)\n# if sys.platform == 'win32':\n#     import certifi_win32\n#     # This sets an environment variable that 'requests' respects to find the CA bundle.\n#     os.environ['REQUESTS_CA_BUNDLE'] = certifi_win32.wincerts.where()\n#     certifi_win32.generate_pem()\n#     print(f\"REQUESTS_CA_BUNDLE set to: {os.environ['REQUESTS_CA_BUNDLE']}\")","lang":"python","description":"This quickstart demonstrates how `python-certifi-win32` is intended to work. After installation, it transparently patches `certifi` to include Windows system certificates. When libraries like `requests` make HTTPS calls, they automatically leverage this enhanced certificate store for verification, which is particularly useful in enterprise environments that rely on custom root CAs deployed via Windows Group Policy. The example performs a simple `requests.get` to show a successful secure connection. Explicit imports are typically not needed for runtime patching, but are shown commented for advanced use cases like PyInstaller."},"warnings":[{"fix":"Uninstall `python-certifi-win32` and install `pip-system-certs`: `pip uninstall python-certifi-win32 && pip install pip-system-certs`.","message":"The package `python-certifi-win32` is generally unmaintained and has been replaced by `pip-system-certs`. Users are strongly encouraged to migrate to `pip-system-certs` for ongoing support and compatibility, especially with newer Python versions.","severity":"breaking","affected_versions":"All versions"},{"fix":"Locate and delete `python-certifi-win32-init.pth` and `distutils-precedence.pth` files from your Python's `site-packages` directory (e.g., `C:\\Users\\<username>\\AppData\\Local\\Programs\\Python\\Python310\\Lib\\site-packages`). This disables the runtime patching and may require manual certificate handling or migration to `pip-system-certs`.","message":"Installation can lead to `PermissionError: [WinError 32]` errors when running `pip` or other Python commands. This is often caused by `.pth` files left open or in use.","severity":"gotcha","affected_versions":"All versions, particularly on Python 3.10+"},{"fix":"Use Python 3.4+ or migrate to `pip-system-certs` which explicitly supports modern Python versions.","message":"Version 1.4 and later dropped explicit support for Python 2 due to syntax changes (`return` with argument inside generator). While the PyPI metadata might indicate Python 2 compatibility, it is not functional.","severity":"breaking","affected_versions":"1.4+"},{"fix":"Before importing `requests` (or other SSL-aware libraries), explicitly `import certifi_win32`, set `os.environ['REQUESTS_CA_BUNDLE'] = certifi_win32.wincerts.where()`, and call `certifi_win32.generate_pem()`.","message":"When bundling applications with PyInstaller (or similar tools), the automatic runtime patching of `certifi` does not work. Manual intervention is required to integrate Windows certificates.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Install the package with administrator privileges or, preferably, migrate to `pip-system-certs`.","message":"Installing `python-certifi-win32` as a non-admin user on Windows 10 has been reported to cause runtime environment failures, including `PermissionError` during Python startup or when running `pip`.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-13T00:00:00.000Z","next_check":"2026-07-12T00:00:00.000Z"}