Defining custom SSL client certificates¶

Using a proxy for https connections typically requires the local machine to trust the proxy’s root certificate. By default, a bundle of SSL certificates is used, through certifi (using Mozilla curated list).

See Requests official documentation

Here comes how to customize which certificates bundle to use or how to require QDT to use the native system certificates store.

Using `REQUESTS_CA_BUNDLE` or `CURL_CA_BUNDLE`¶

Point to a certificat bundle file path (*.pem).

Example on Windows PowerShell¶

Only for the QDT command scope:

$env:REQUESTS_CA_BUNDLE="$env:USERPROFILE\cacerts.pem"; qdt -vvv

At the shell session scope:

> $env:REQUESTS_CA_BUNDLE="$env:USERPROFILE\cacerts.pem"
> qdt -vvv

Using native system certificates store¶

If the QDT_SSL_USE_SYSTEM_STORES environment variable is set to True, HTTPS requests rely on the native system certificates store.

Note

If enabled, this environment variable take precedence over REQUESTS_CA_BUNDLE or CURL_CA_BUNDLE which are ignored.

Example on Windows PowerShell¶

Only for the QDT command scope:

$env:QDT_SSL_USE_SYSTEM_STORES=true; qdt -vvv

At the shell session scope:

> $env:QDT_SSL_USE_SYSTEM_STORES=true
> qdt -vvv

Defining custom SSL client certificates¶

Using REQUESTS_CA_BUNDLE or CURL_CA_BUNDLE¶

Example on Windows PowerShell¶

Using native system certificates store¶

Example on Windows PowerShell¶

Using `REQUESTS_CA_BUNDLE` or `CURL_CA_BUNDLE`¶