skip to navigation
skip to content

certifi 2015.11.20

Python package for providing Mozilla's CA Bundle.

Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. It has been extracted from the Requests project.


certifi is available on PyPI. Simply install it with pip:

$ pip install certifi


To reference the installed CA Bundle, you can use the built-in function:

>>> import certifi

>>> certifi.where()


1024-bit Root Certificates

Browsers and certificate authorities have concluded that 1024-bit keys are unacceptably weak for certificates, particularly root certificates. For this reason, Mozilla has removed any weak (i.e. 1024-bit key) certificate from its bundle, replacing it with an equivalent strong (i.e. 2048-bit or greater key) certifiate from the same CA. Because Mozilla removed these certificates from its bundle, certifi removed them as well.

Unfortunately, old versions of OpenSSL (less than 1.0.2) sometimes fail to validate certificate chains that use the strong roots. For this reason, if you fail to validate a certificate using the certifi.where() mechanism, you can intentionally re-add the 1024-bit roots back into your bundle by calling certifi.old_where() instead. This is not recommended in production: if at all possible you should upgrade to a newer OpenSSL. However, if you have no other option, this may work for you.

File Type Py Version Uploaded on Size
certifi-2015.11.20-py2.py3-none-any.whl (md5) Python Wheel 2.7 2015-11-20 358KB
certifi-2015.11.20.tar.gz (md5) Source 2015-11-20 355KB
  • Downloads (All Versions):
  • 26332 downloads in the last day
  • 327085 downloads in the last week
  • 1431619 downloads in the last month