Message 381059 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	teeks99
Recipients	chris-k, christian.heimes, paul.moore, steve.dower, teeks99, tim.golden, zach.ware
Date	2020-11-16.03:18:02
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1605496683.36.0.771417741538.issue36011@roundup.psfhosted.org>
In-reply-to

Content
Christian's message indicated that a workaround was possible by adding mozilla's certs to windows cert store. I'm sure there are sysadmins who will really hate this idea, but I've successfully implemented it in a windows docker image, and wanted to document here. Powershell commands, requires OpenSSL to be installed on the system: ``` cd $env:USERPROFILE; Invoke-WebRequest https://curl.haxx.se/ca/cacert.pem -OutFile $env:USERPROFILE\cacert.pem; $plaintext_pw = 'PASSWORD'; $secure_pw = ConvertTo-SecureString $plaintext_pw -AsPlainText -Force; & 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe' pkcs12 -export -nokeys -out certs.pfx -in cacert.pem -passout pass:$plaintext_pw; Import-PfxCertificate -Password $secure_pw -CertStoreLocation Cert:\LocalMachine\Root -FilePath certs.pfx; ``` Once mozilla's store is imported into the microsoft trusted root store, python has everything it needs to access files directly.

Christian's message indicated that a workaround was possible by adding mozilla's certs to windows cert store. 

I'm sure there are sysadmins who will really hate this idea, but I've successfully implemented it in a windows docker image, and wanted to document here.

Powershell commands, requires OpenSSL to be installed on the system:
```
cd $env:USERPROFILE;
Invoke-WebRequest https://curl.haxx.se/ca/cacert.pem -OutFile $env:USERPROFILE\cacert.pem;
$plaintext_pw = 'PASSWORD';
$secure_pw = ConvertTo-SecureString $plaintext_pw -AsPlainText -Force;
& 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe' pkcs12 -export -nokeys -out certs.pfx -in cacert.pem -passout pass:$plaintext_pw;
Import-PfxCertificate -Password $secure_pw  -CertStoreLocation Cert:\LocalMachine\Root -FilePath certs.pfx;
```

Once mozilla's store is imported into the microsoft trusted root store, python has everything it needs to access files directly.

History
Date	User	Action	Args
2020-11-16 03:18:03	teeks99	set	recipients: + teeks99, paul.moore, christian.heimes, tim.golden, zach.ware, steve.dower, chris-k
2020-11-16 03:18:03	teeks99	set	messageid: <1605496683.36.0.771417741538.issue36011@roundup.psfhosted.org>
2020-11-16 03:18:03	teeks99	link	issue36011 messages
2020-11-16 03:18:02	teeks99	create