Join us and get access to thousands of tutorials and a community of expert Pythonistas.

Unlock This Lesson

This lesson is for members only. Join us and get access to thousands of tutorials and a community of expert Pythonistas.

Unlock This Lesson

Hint: You can adjust the default video playback speed in your account settings.
Hint: You can set your subtitle preferences in your account settings.
Sorry! Looks like there’s an issue with video playback 🙁 This might be due to a temporary outage or because of a configuration issue with your browser. Please refer to our video player troubleshooting guide for assistance.

SSL Certificate Verification

Christopher Bailey
Making HTTP Requests With Python Christopher Bailey 01:18
Recommended Tutorial Course Slides (PDF) Ask a Question

All HTTP methods implemented by the requests library use SSL encryption by default. This lesson will show you how you can disable it, too.

00:00 When sending sensitive data, security is important. SSL Certificate verification is included by default inside of requests. requests has a package called certifi that provides Certificate Authorities. This lets requests know what authorities it can trust.

00:16 Let’s test it out. I’m back here in the REPL and I’ve already imported requests. If we’d like to disable the SSL Certificate verification, we can do that by passing False into the verify parameter of a request function.

00:30 Let’s try it out.

00:33 Let’s try the API at github.com. This time we’ll set it to verify and that that’s equal to False.

00:45 So that will come back and say that you’re attempting an insecure request. It said Unverified HTTPS request is being made. Adding certificate verification is strongly advised. It still was a successful request, but—going back to authentication—without SSL you would be sending via Basic authorization your username and password in plaintext, so it’s important that it gets encrypted using SSL.

01:13 Next, let’s talk about performance.

Fahim on June 3, 2019

Hi, Can we make the verification mandatory using request. Or is it the responsibility of server to make it mandatory.

SreenivasaRao on Jan. 21, 2021

How can we establish trust by trusting the certificate root CA, rather than making SSL certification verification as False.

batradivyesh on Oct. 21, 2022

Where should we place the certificate?

Become a Member to join the conversation.