Home

certifi

Certifi is a Python package that provides a curated, up-to-date bundle of Mozilla's root certificates to verify the authenticity of SSL/TLS certificates when establishing HTTPS connections from Python applications. The bundle, stored as cacert.pem within the package, replaces or supplements system CA stores to ensure a stable and consistent set of trusted roots across platforms.

Certifi also exposes a function certifi.where() that returns the filesystem path to the bundled CA bundle, enabling

Because the Mozilla root store changes over time, certifi is updated regularly. Users update by upgrading the

Usage notes: If an application needs to override, environment variables such as REQUESTS_CA_BUNDLE or SSL_CERT_FILE can

Impact and scope: Certifi is widely adopted in the Python ecosystem as a standard source of trusted

Limitations: It reflects Mozilla's root store, which may not include some platform-specific roots; for enterprise air-gapped

libraries
to
locate
and
use
it
programmatically.
certifi
package
via
pip;
libraries
that
rely
on
certifi
will
pick
up
the
updated
bundle
when
they
import
certifi.
In
practice,
requests
and
urllib3
commonly
rely
on
certifi
for
TLS
verification.
point
to
a
different
CA
bundle.
root
certificates,
reducing
reliance
on
the
host
OS's
CA
store
in
diverse
environments.
It
is
maintained
by
an
open-source
community
and
is
available
on
PyPI
and
GitHub.
environments,
organizations
may
need
to
manage
their
own
CA
bundle.