Join us and get access to thousands of tutorials and a community of expert Pythonistas.
This lesson is for members only. Join us and get access to thousands of tutorials and a community of expert Pythonistas.
SSL Certificate Verification
All HTTP methods implemented by the requests library use SSL encryption by default. This lesson will show you how you can disable it, too.
00:00
When sending sensitive data, security is important. SSL Certificate verification is included by default inside of requests. requests has a package called certifi that provides Certificate Authorities. This lets requests know what authorities it can trust.
00:16
Let’s test it out. I’m back here in the REPL and I’ve already imported requests. If we’d like to disable the SSL Certificate verification, we can do that by passing False into the verify parameter of a request function.
00:33
Let’s try the API at github.com. This time we’ll set it to verify and that that’s equal to False.
00:45
So that will come back and say that you’re attempting an insecure request. It said Unverified HTTPS request is being made. Adding certificate verification is strongly advised. It still was a successful request, but—going back to authentication—without SSL you would be sending via Basic authorization your username and password in plaintext, so it’s important that it gets encrypted using SSL.
SreenivasaRao on Jan. 21, 2021
How can we establish trust by trusting the certificate root CA, rather than making SSL certification verification as False.
batradivyesh on Oct. 21, 2022
Where should we place the certificate?
Become a Member to join the conversation.
Fahim on June 3, 2019
Hi, Can we make the verification mandatory using request. Or is it the responsibility of server to make it mandatory.