Certifi Linux

1.1.0 · active · verified Wed Apr 15

Certifi-linux is a Python library (version 1.1.0) that enhances the `certifi` package by redirecting its certificate authority (CA) bundle resolution to the Linux system trust store instead of using `certifi`'s bundled certificates. This is particularly useful in enterprise Linux environments where system-wide certificate management is preferred. The library achieves this by monkey-patching `certifi.where()` and `certifi.contents()`. It is active and stable, with releases tied to underlying `certifi` and system trust store updates.

Warnings

breaking This library is strictly for Linux operating systems. It will not work on Windows or other non-Linux platforms. For Windows, consider using `pip-system-certs`.
Fix: Ensure deployment is on a compatible Linux distribution or use platform-specific alternatives.
gotcha The library operates by monkey-patching functions within the `certifi` package (`certifi.where()` and `certifi.contents()`). While generally robust, this approach could theoretically lead to conflicts if other installed libraries also attempt to modify `certifi`'s behavior.
Fix: Verify compatibility with other libraries that might interact with `certifi`. If unexpected behavior occurs, inspect the order of imports and any other patching mechanisms.
gotcha For `certifi-linux` to function, the `certifi` package must be installed in the environment, as `certifi-linux` patches `certifi`'s functionality rather than replacing it entirely. `certifi` is not explicitly listed as a direct dependency in `certifi-linux`'s `setup.py`.
Fix: Ensure `pip install certifi` is run if `certifi` is not already installed as a dependency of another package (e.g., `requests`).
gotcha While broadly compatible, `certifi-linux` has been explicitly tested on specific Linux distributions (Alpine, Ubuntu, Debian, Fedora, CentOS, RHEL). Functionality on untested distributions (e.g., Arch, Slackware, OpenWRT, FreeBSD, SUSE, Gentoo) is not guaranteed and may require manual verification.
Fix: Test thoroughly on your target Linux distribution or check the GitHub repository for updated compatibility lists.

Install

pip install certifi-linux Install certifi-linux

Imports

certifi
```
import certifi
```
certifi-linux monkey patches the existing certifi module. The import path remains the same as the original certifi.

Quickstart

After installation, `certifi-linux` automatically patches the `certifi` module. You can verify the patch by checking `certifi.where()`, which should now return the path to your system's CA trust store, and by making a simple HTTPS request using a library like `requests` that relies on `certifi`.

import certifi
import requests

# certifi.where() should now point to your system's CA bundle
system_ca_bundle_path = certifi.where()
print(f"Certifi is now pointing to: {system_ca_bundle_path}")

# Verify a simple HTTPS request using the patched certifi
try:
    response = requests.get('https://www.google.com/', verify=True)
    response.raise_for_status()
    print("Successfully made a secure request using the system CA bundle.")
except requests.exceptions.RequestException as e:
    print(f"Error making secure request: {e}")
    print("Ensure your system's CA certificates are properly configured.")

view raw JSON →