如果你有私人证书要处理，比如你的组织自己的CA根和链的中间部分，那么最好将证书添加到CA文件中，即cacert。pem，而不是绕过整个安全设备(verify=False)。下面的代码让你在2.7+和3+

考虑添加整个证书链，当然您只需要这样做一次。

import certifi

cafile=certifi.where() # cacert file
with open ('rootca.pem','rb') as infile:
    customca=infile.read()
    with open(cafile,'ab') as outfile:
        outfile.write(customca)
with open ('interca.pem','rb') as infile:
    customca=infile.read()
    with open(cafile,'ab') as outfile:
        outfile.write(customca)
with open ('issueca.pem','rb') as infile:
    customca=infile.read()
    with open(cafile,'ab') as outfile:
        outfile.write(customca)

那这个应该能让你振作起来

import requests
response = requests.request("GET", 'https://yoursecuresite.com',  data = {})
print(response.text.encode('utf8'))

希望这能有所帮助

The SSL: CERTIFICATE_VERIFY_FAILED error could also occur because an Intermediate Certificate is missing in the ca-certificates package on Linux. For example, in my case the intermediate certificate "DigiCert SHA2 Secure Server CA" was missing in the ca-certificates package even though the Firefox browser includes it. You can find out which certificate is missing by directly running the wget command on the URL causing this error. Then you can search for the corresponding link to the CRT file for this certificate from the official website (e.g. https://www.digicert.com/digicert-root-certificates.htm in my case) of the Certificate Authority. Now, to include the certificate that is missing in your case, you may run the below commands using your CRT file download link instead:

wget https://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

mv DigiCertSHA2SecureServerCA.crt DigiCertSHA2SecureServerCA.der

openssl x509 -inform DER -outform PEM -in DigiCertSHA2SecureServerCA.der -out DigicertSHA2SecureServerCA.pem.crt

sudo mkdir /usr/share/ca-certificates/extra

sudo cp DigicertSHA2SecureServerCA.pem.crt /usr/share/ca-certificates/extra/

sudo dpkg-reconfigure ca-certificates

在此之后，您可以再次使用wget测试URL，也可以使用python urllib包进行测试。详情请参考:https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1795242

我对Mac OS X的解决方案:

使用从Python语言官方网站https://www.python.org/downloads/下载的本地应用程序Python安装程序升级到Python 3.6.5

我发现这个安装程序在更新新Python的链接和符号链接方面比自制的要好得多。

使用"安装新证书。/Install Certificates.command”，该命令位于刷新后的Python 3.6目录中

cd "/Applications/Python 3.6/"
sudo "./Install Certificates.command"

如果证书是通过Let's encrypt颁发的，请确保在客户机上的中间证书存储中删除过期的DST根CA X3颁发的R3证书。

Ln -s /usr/local/share/certs/ca-root-nss。crt /etc/ssl/cert.pem

(10.1 FreeBSD)

进口的要求 Response =请求。Get("你想要访问的url/api "， verify=" SSL证书的路径")

对我来说，问题是上面的答案没有一个完全帮助我，但给了我正确的方向。

当然，SSL证书是必要的，但当您处于公司防火墙之后，那么公开可用的证书可能就没有帮助了。您可能需要联系您公司的IT部门来获得证书，因为每个公司都使用从他们签约服务的安全提供商那里获得的特殊证书。然后把它放到一个文件夹中并把路径作为验证参数传递给那个文件夹。

对我来说，即使在尝试了上述所有解决方案并使用了错误的证书后，我也无法使其工作。因此，请记住那些在公司防火墙后的人要获得正确的证书。它可以决定请求调用的成功和失败。

在我的例子中，我把证书放在下面的路径中，它像魔术一样起作用。

C:\Program Files\Common文件\ssl

您也可以参考https://2.python-requests.org/en/master/user/advanced/#id3，它讨论ssl验证