From d262cb7cab0eea6c770026d1b0a4e1bcf1960b7a Mon Sep 17 00:00:00 2001 From: david Date: Mon, 2 Jul 2018 17:54:43 +0000 Subject: [PATCH 1/4] =?UTF-8?q?Create=20Post=20=E2=80=9Ctrusting-the-man-i?= =?UTF-8?q?n-the-middle=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../_posts/trusting-the-man-in-the-middle.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 source/_posts/trusting-the-man-in-the-middle.md diff --git a/source/_posts/trusting-the-man-in-the-middle.md b/source/_posts/trusting-the-man-in-the-middle.md new file mode 100644 index 0000000..0812f49 --- /dev/null +++ b/source/_posts/trusting-the-man-in-the-middle.md @@ -0,0 +1,18 @@ +--- +title: Trusting the man in the middle +date: '2018-07-02T12:51:13-05:00' +tags: + - tls ssl certificate +--- +### Python + +This tells you where Python is looking for certs +``` +python.exe -c "import ssl; print(ssl.get_default_verify_paths())" +``` + +If the default hasn't been touched you'll see you can use an environment variable named `SSL_CERT_FILE`. + +> Using Azure's Python CLI? +> C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe + From dfad9f324cfd493a64df414bc4362e0e3283ad03 Mon Sep 17 00:00:00 2001 From: david Date: Mon, 2 Jul 2018 17:55:29 +0000 Subject: [PATCH 2/4] =?UTF-8?q?Update=20Post=20=E2=80=9Ctrusting-the-man-i?= =?UTF-8?q?n-the-middle=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- source/_posts/trusting-the-man-in-the-middle.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/_posts/trusting-the-man-in-the-middle.md b/source/_posts/trusting-the-man-in-the-middle.md index 0812f49..d925abb 100644 --- a/source/_posts/trusting-the-man-in-the-middle.md +++ b/source/_posts/trusting-the-man-in-the-middle.md 
@@ -6,7 +6,7 @@ tags: --- ### Python -This tells you where Python is looking for certs +This tells you where Python is looking for certs [get_default_verify_paths](https://docs.python.org/3/library/ssl.html?highlight=ssl_cert_file#ssl.get_default_verify_paths). ``` python.exe -c "import ssl; print(ssl.get_default_verify_paths())" ``` From 285a7291e3d3f3f7da516034f025a7954f340079 Mon Sep 17 00:00:00 2001 From: david Date: Tue, 7 Aug 2018 18:33:53 +0000 Subject: [PATCH 3/4] =?UTF-8?q?Update=20Post=20=E2=80=9Ctrusting-the-man-i?= =?UTF-8?q?n-the-middle=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../_posts/trusting-the-man-in-the-middle.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/source/_posts/trusting-the-man-in-the-middle.md b/source/_posts/trusting-the-man-in-the-middle.md index d925abb..d0b1f4a 100644 --- a/source/_posts/trusting-the-man-in-the-middle.md +++ b/source/_posts/trusting-the-man-in-the-middle.md 
@@ -6,13 +6,19 @@ tags: --- ### Python -This tells you where Python is looking for certs [get_default_verify_paths](https://docs.python.org/3/library/ssl.html?highlight=ssl_cert_file#ssl.get_default_verify_paths). -``` -python.exe -c "import ssl; print(ssl.get_default_verify_paths())" -``` +Specifically, PIP will need to be told about the CA bundle you want to use. There are many ways: -If the default hasn't been touched you'll see you can use an environment variable named `SSL_CERT_FILE`. +- Via the command line argument + ``` + pip --cert path/to/cert install somepackagename + ``` +- Via pip's configuration + ``` + pip config --global set global.cert path/to/cert + ``` +- Via an environment variable named `PIP_CERT` +Python itself, via requests your application makes, depends on the module you are using. A common one is the `requests` module. Set the `REQUESTS_CA_BUNDLE` to the path of your ca.pem file and you are good to go. Remember to reload the environment/profile when you do that though. + > Using Azure's Python CLI? > C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe - From f2fb654fd5077268b393ebcb90dd1bb1690ab957 Mon Sep 17 00:00:00 2001 From: david Date: Thu, 16 Aug 2018 14:29:19 +0000 Subject: [PATCH 4/4] =?UTF-8?q?Update=20Post=20=E2=80=9Ctrusting-the-man-i?= =?UTF-8?q?n-the-middle=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- source/_posts/trusting-the-man-in-the-middle.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source/_posts/trusting-the-man-in-the-middle.md b/source/_posts/trusting-the-man-in-the-middle.md index d0b1f4a..c81c0e4 100644 --- a/source/_posts/trusting-the-man-in-the-middle.md +++ b/source/_posts/trusting-the-man-in-the-middle.md 
@@ -22,3 +22,9 @@ Python itself, via requests your application makes, depends on the module you ar > Using Azure's Python CLI? > C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe + +### Node (npm is later) + +Set the [NODE_EXTRA_CA_CERTS](https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file) environment variable to the path of your cert file. Reload the environment and you should be good to go. + +Node comes prepackaged with a set of CA certs to trust, like the name above implies, it extends that list of CA certs to include the ones you specify.
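Review bot: In PATCH 1/4, the front matter's `tags:` list has a single item, `- tls ssl certificate`, so the post gets one tag named "tls ssl certificate" rather than three; if three tags are intended, list them as separate items (`- tls`, `- ssl`, `- certificate`). In the same hunk, the two `>` lines at the end have no break between them, so Markdown will join the question and the path into one running line; put a bare `>` line between them and wrap the path in backticks so it reads as a path. The post also opens directly at `### Python` without saying what is being trusted or why, so a sentence of context before the first heading would help.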
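Review bot: In PATCH 2/4, the link is appended after "certs" with no connecting words, so the changed line reads "...where Python is looking for certs get_default_verify_paths."; make the function the subject instead, for example "[`ssl.get_default_verify_paths()`](...) tells you where Python is looking for certs." The URL also carries a leftover search parameter, `?highlight=ssl_cert_file`, which can be dropped so the link is just the ssl page with the `#ssl.get_default_verify_paths` anchor.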
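Review bot: In PATCH 3/4, the removed lines take out the `ssl.get_default_verify_paths()` check and the `SSL_CERT_FILE` note, while the new closing paragraph says the setting "depends on the module you are using" and then covers only `requests`; keep the removed text as the standard-library case, or say in the commit message why it no longer applies. The new first sentence starts with "Specifically," but nothing precedes it under `### Python` any more, so it needs a lead-in or the word dropped. There is no blank line between `- Via an environment variable named PIP_CERT` and `Python itself, via requests...`, so Markdown will fold that paragraph into the last bullet. The placeholders also vary ("the CA bundle", `path/to/cert`, "ca.pem"); pick one and state whether the file should hold only the added CA or a full bundle, since that decides what else ends up trusted.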
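Review bot: In PATCH 4/4, the last added sentence is a comma splice whose "it" has no clear referent ("Node comes prepackaged with a set of CA certs to trust, like the name above implies, it extends that list"); name the variable and split the sentence, for example "Node ships with a built-in set of trusted CA certs. As the name implies, `NODE_EXTRA_CA_CERTS` adds the ones you specify to that list." That the variable extends the built-in list is what a reader most needs to know, so consider placing it ahead of the "Set the ..." instruction. The heading's "(npm is later)" promises content this patch does not add; drop it from the heading or turn it into a sentence in the body. "Reload the environment" would also be clearer if it said what has to be restarted.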