Azure CLI Error Self-Signed Certificate

Share This:

Azure CLI

The Azure CLI is a useful tool for managing various aspects of Azure. If your company uses a proxy service, it might replace the root and intermediate certificates for HTTPS web traffic. When this happens, the Azure CLI might give an error similar to this one:

Please ensure you have network connection. Error detail: HTTPSConnectionPool(host=’’, port=443): Max retries exceeded with url: /common/oauth2/devicecode?api-version=1.0 (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,),))

Obtain the Root and Intermediate Certificates

First you need to get a base-64 copy of the root and intermediate certificates. Depending on the certificates, you might need one or both.

  • Open Chrome Dev Tools
  • Click Security tab
  • Click View Certificate button
  • On the Certification Path tab, click the highest node in the tree
  • Click View Certificate
  • On the Details tab, click the Copy to File button
  • Make sure to select Base-64 encoded X.509 (.CER)
  • Save the file somewhere on your drive (ex. C:\certs\my_root.cer)
  • If there’s an intermediate certificate (the second highest node in the tree), do the same steps above and save it with a name like my_intermediate.cer

Option 1: Fix Azure CLI Error Self-Signed Certificate

Some people have had success by running these commands:

  • Run the command set REQUESTS_CA_BUNDLE=C:\certs\my_root.cer from a command prompt
  • Run the command set REQUESTS_CA_BUNDLE=C:\certs\my_intermediate.cer from a command prompt if necessary
  • Run the command echo %REQUESTS_CA_BUNDLE% to verify it set correctly

Option 2: Fix Azure CLI Error Self-Signed Certificate

If option 1 doesn’t work, then you’ll need local admin permissions on your workstation to perform the following steps.

  • Open Notepad with Administrative Rights
  • File > Open and navigate to: C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem
  • Open your my_root.cer file in another Notepad and copy the entire contents
  • Paste the certificate to the bottom of the cacert.pem file
  • Open your my_intermediate.cer file in another Notepad and copy the entire contents if necessary
  • Paste the certificate to the bottom of the cacert.pem file

Share This:

Leave a Comment


© 2000-2022 - - We're your center for technology focusing on InfoSec, Cybersecurity, Privacy, Security, Reviews and How-To's. Founded in 2000, TeckLyfe is based in Chicago, IL.

Reproduction without explicit permission is prohibited. All Rights Reserved.

This website uses cookies and third party services. Please view our Privacy Policy for more information.

About Us - Privacy Policy - Contact Us - Sitemap