potiuk commented on issue #55147: URL: https://github.com/apache/airflow/issues/55147#issuecomment-3262456836
> Found a workaround: > > Overwrite the `cacert.pem` file found in `certifi` directory under the airflow's python installation (i.e. `.../lib/python/site-packages/certifi/cacert.pem`) with the system certificate store file (i.e. `/etc/ssl/certs/ca-bundle.crt`). > > I believe that's because apiserver uses **httpx** and there's no way to force it to use system cert store without explicitly specifiying in the code, and it depends on **certifi** for CA list (see docs: https://www.python-httpx.org/advanced/ssl/) There is also https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#ssl-cert (and key) configuration where you can explicilty provide certificate used by the api-server in configuration. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
