Thanks for your suggestions.  I agree that the Root Certificates and OpenSSL situation on macOS is still less than desirable.  For 3.7.0b2, I have tried to make things more obvious in two ways.  One, the installer package will now attempt to open a Finder window for the /Application/Python 3.7 folder that contains the "Install Certificates.command".  Two, rather than just a generic "installation complete" message at the end of the install, there is now a tailored message that urges the user to click on the "Install Certificates.command" icon. I considered trying to run the command automatically from the installer but that gets a bit messy: 1. it requires a network connection; 2. the installer would need to ensure the installation takes place with the right user and group permission and not just as root; 3. the user might not want to use certifi; and 4. the solution needs to work across all macOS versions supported by the installer variant.  Also, it appears the installer doesn't allow command files to be executed by clicking on a link in the installer window, a prudent security measure.  While not perfect, I think what's now in 3.7.0b2 should be an improvement, at least it will be much harder to overlook without being too obnoxious about it.