Using CLI tools to request service with mkcert certs does not work (macOS)

[back-2-95]

E.g. if I make requests to my local container (Traefik + mkcert generated certs) with Httpie. Note that these certs work when accessing the site with Chrome or Firefox. I use macOS Big Sur atm.

$ http --headers https://portainer.docker.sh

Will end up with following error:

http: error: SSLError: HTTPSConnectionPool(host='portainer.docker.sh', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))) while doing a GET request to URL: https://portainer.docker.sh/

Original issue from our tool:
druidfi/stonehenge#47

• Is there some extra step I'm missing?
• Or is this a known issue?

[fgm]

Same problem with httpie on bare metal Big Sur, although curl works normally:

$ http -phb https://localhost:8443

http: error: SSLError: HTTPSConnectionPool(host='localhost', port=8443): Max retries exceeded with url: / (Caused by 
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))) while doing a GET request to URL: https://localhost:8443/
$

But:

$ curl -I  https://localhost:8443
HTTP/2 200
content-type: text/plain; charset=utf-8
content-length: 34
date: Wed, 03 Mar 2021 08:42:33 GMT
$

[back-2-95]

Related discussion on httpie httpie/cli#768

[back-2-95]

And httpie/cli#480 (comment)

[back-2-95]

So I would conclude that it's problem with a certain cli tool and not mkcert.

[g0t4]

FYI this works for *nix:

export REQUESTS_CA_BUNDLE="$(mkcert -CAROOT)/rootCA.pem"
https localhost