Using Self-Signed Certificates
CUE Zipline depends on the curated set of certificate authority (CA) certificates from the Mozilla Project. This means that connecting to servers via HTTPS should work out of the box so long as the server certificates have been acquired from a public certificate authority.
Certificate verification will, however, fail if a server or proxy that
CUE Zipline needs to
connect to uses a self-signed certificate. To prevent this happening,
must be preconfigured with information about your custom CA certificate.
To do this, you need to create a certificate
bundle, containing all the CA certificates needed by
both your custom CA certificate and all the public ones. You then need
with the location of the bundle by setting the
REQUESTS_CA_BUNDLE environment variable.
You can get the path of the file containing CUE Zipline's default CA certificate bundle by entering the following command:
$python -m certifi
You must not directly add your custom certificate to this file, because the file is overwritten every time CUE Zipline is upgraded. What you need to do instead is create a new bundle by:
Copying the file to a new location.
Appending the content of your custom CA certificate (not the server certificate) to the new file.
$cat $(python -m certifi) myCA.pem > /path/to/myCABundle.pem
You now have a new certificate bundle containing all the certificates
REQUESTS_CA_BUNDLE environment variable to
point to this file, and start
REQUESTS_CA_BUNDLE is not set when
CUE Zipline starts,
then it looks for the environment variable
is also not set, then it uses the Mozilla curated CA certificate set
included in the