How to configure CA certificates for client side in Django?

[Gang Yang]

Hi,

I'm pretty new to Django and encountered an SSL (client side) issue. I'm trying to use django-cas-ng (CAS client) for CAS authentication and my CAS server uses a self-signed server certificate for dev env. After obtaining the service ticket (ST), django-cas-ng tried to verify the ST and failed on SSL handshake with a CERTIFICATE_VERIFY_FAILED error. django-cas-ng is using requests.get() to access the CAS server for cert verification. Following some suggestions on the internet, I tried to use requests.get(..., verify=False) and requests.get(..., verify="CAS server cert") and both worked around the problem. But I can't modify the third-party package. I also tried to add the self-signed CAS server cert to tye underlying OS (added to Windows' trust store and append to /etc/ssl/certs/ca-bundle.crt on CentOS 6.7), but it did not help.

My question is how does the SSL client (say, requests.get()) get the trusted CA certs for SSL handshaking in Django runtime environment? Does it get from Django (I did not see any settings for that), or Python or the underlying OS? How can I configure it so that I don't have to make code change to the requests.get() call to successfully complete the SSL handshake?

Appreciate any help.

Gang