How do I disable the security certificate check in Python requests

Running the show with context managers

If your script makes multiple requests, you'll probably get tired of typing verify=False every time. To make your life easier, consider stepping up your game with a context manager. This code manager sets verify=False as default and tidies up afterwards by closing all open adapters.

Context managers: setting SSL checks to chill mode

from contextlib import contextmanager
import requests

@contextmanager
def unverified_https_requests():
    # Create a session that doesn't care about SSL checks.
    session = requests.Session()
    session.verify = False
    # We are going rogue, but we don't want to be reminded about it at every step.
    requests.packages.urllib3.disable_warnings()
    try:
        yield session
    finally:
        # Prepares us for leaving the party without a trace.
        session.close()

# Time to go incognito!
with unverified_https_requests() as session:
    response = session.get('https://example.com')


Warnings: keeping that console clean

We don't need the console constantly fussing about security risks. Lay down some ground rules and ensure that InsecureRequestWarning takes a backseat:

# Do this only when you know what you are getting into:
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


SSL checks: a cool-off period with environment variables

You have another choice to tell SSL checks to cool off. The CURL_CA_BUNDLE environment variable, when set to an empty string, will make the SSL checks take a temporary hiatus:

export CURL_CA_BUNDLE=""


Remember to run this in your shell before executing the Python script. Be cool and avoid doing this in an environment where other applications are partying.

SSL context manipulation: the secret handshake

For you Python mavens who know the secret handshake with the ssl module, here is your special cocktail:

import ssl
import requests

ssl_context = ssl.create_default_context()
ssl_context.verify_mode = ssl.CERT_NONE

response = requests.get('https://example.com', verify=ssl_context)


Friendly advice: Leave this skill at home when you're headed for production environments.

Safety guidelines and casting spells responsibly

We all love to use that fancy wand and say "Alohomora" to SSL checks. But remember, with great magic comes great responsibility.

Don't mess with sensitive data

Don't even think about waving this magic wand around sensitive data. SSL checks aren't your enemies. They're like those friendly bodyguards, protecting your information from the dark wizards of Man-in-the-Middle attacks.

Reusing sessions? Set SSL to chill mode in the same breathe

If you're casting multiple spells within the same Session, make it easy on yourself and set Session.verify to False right from the start. This gives you a one-click spell that doesn't change throughout the session:

s = requests.Session()
s.verify = False


Dealing with expired certificates

So you've got a service with an expired SSL certificate, eh? Think twice before bypassing the checks. More often than not, it's safer to get a new certificate than risking your information assets.

Investing in security knowledge

Casting Alohomora on SSL checks comes with a price tag. Make sure you've got the security knowledge to pay up. Be aware of the risks involved and be prepared to handle the possible consequences.