pip-system-certs

5.3 · active · verified Thu Apr 09

pip-system-certs automatically configures Python to use system certificates via the `truststore` library. It primarily achieves this by monkey-patching `urllib3`, allowing `pip` and other applications utilizing `urllib3` (like `requests`) to respect OS-provided certificate bundles. It is currently at version 5.3 and typically sees several releases per year, often in conjunction with updates to `pip` or its underlying `truststore` dependency.

Warnings

gotcha pip-system-certs will not override existing certificate configurations set via `PIP_CERT` environment variable or the `cert` option in `pip.conf`. It's intended for environments not already using a custom certificate bundle.
Fix: Ensure `PIP_CERT` is unset and no `cert` option is configured in `pip.conf` if you intend for pip-system-certs to manage certificates. If custom certificates are needed, manage them manually or through environment configurations.
breaking Requires Python 3.10 or higher. The underlying `truststore` library leverages features specific to modern Python versions, making `pip-system-certs` incompatible with older Python runtimes.
Fix: Upgrade your Python environment to version 3.10 or newer to use `pip-system-certs`.
gotcha The library works by monkey-patching `urllib3`. This approach can potentially conflict with other libraries or custom code that also modifies `urllib3`'s internal behavior.
Fix: Be aware of potential conflicts if other packages in your environment perform deep `urllib3` modifications. Test thoroughly when integrating with complex network stack setups. In case of issues, temporarily uninstall `pip-system-certs` to isolate the problem.

Install

pip install pip-system-certs Install into Python environment

Imports

pip_system_certs
```
import pip_system_certs
```
The `pip-system-certs` library's primary function is to activate automatically upon installation and Python environment load; it does not typically expose public functions or classes for direct invocation. Importing the module primarily serves to ensure it's loaded, though its effect is side-effectual and generally does not require explicit calls.

Quickstart

Install `pip-system-certs` into your Python environment. Once installed, it automatically configures `urllib3` (and libraries depending on it, like `requests`) to use system certificates. The quickstart code demonstrates this by making an `https` request to a public website, which should succeed if system certificates are correctly utilized.

# IMPORTANT: Before running this code, install pip-system-certs and requests:
# python -m pip install pip-system-certs requests

import requests
import sys

print(f"Python version: {sys.version.splitlines()[0]}")
print("Attempting to fetch https://pypi.org to verify system certificate usage...")

try:
    # requests uses urllib3, which pip-system-certs patches to use system certificates.
    response = requests.get("https://pypi.org", timeout=10)
    response.raise_for_status() # Raise an exception for HTTP errors (4xx or 5xx)

    print(f"Successfully connected to pypi.org! Status: {response.status_code}")
    print("This indicates that pip-system-certs (via truststore) is likely active, enabling requests to use your system's trusted certificates.")

except requests.exceptions.SSLError as e:
    print(f"SSL Error encountered: {e}")
    print("This suggests pip-system-certs might not be correctly configured, system certificates are invalid, or it's not active.")
except requests.exceptions.RequestException as e:
    print(f"A general request error occurred: {e}")
    print("Please check your network connection and confirm pip-system-certs is installed.")

view raw JSON →