On Windows, where are trust certificates stored?

[Andrew Bay]

gRPC is used as a library inside of the databricks-connect library in python.  I cannot programmatically add a trust certificate for the server it is connecting to.  Where can I put my firewall's MitM certificate so I do not get "CERTIFICATE_VERIFY_FAILED" errors on a windows machine?

[AJ Heller]

I think this is a general Windows problem, nothing gRPC-specific you'd want to do here. A quick googling turned up this: https://learn.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate

[Andrew Bay]

The windows certificates are fine because the site opens fine in Edge.

I found that gRPC uses  %PYTHON_HOME%\lib\site-packages\grpc_cython_credentials\roots.pem for its certificates and if I add the one I needed to the bottom of that, it made it work.

I didn't try, but I think if I were to create a file and set that file's path in  GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, that would work too.

[Xuan Wang]

GRPC_DEFAULT_SSL_ROOTS_FILE_PATH is indeed used to specify the PEM file to load SSL roots from (doc about this and more env vars can be find here), so using it should be able to solve the issue too.