Azure CLI Error Self-Signed Certificate

Obtain the Root and Intermediate Certificates

First you need to get a base-64 copy of the root and intermediate certificates. Depending on the certificates, you might need one or both.

Open Chrome Dev Tools
Click Security tab
Click View Certificate button
On the Certification Path tab, click the highest node in the tree
Click View Certificate
On the Details tab, click the Copy to File button
Make sure to select Base-64 encoded X.509 (.CER)
Save the file somewhere on your drive (ex. C:\certs\my_root.cer)
If there’s an intermediate certificate (the second highest node in the tree), do the same steps above and save it with a name like my_intermediate.cer

Some people have had success by running these commands:

Run the command set REQUESTS_CA_BUNDLE=C:\certs\my_root.cer from a command prompt
Run the command set REQUESTS_CA_BUNDLE=C:\certs\my_intermediate.cer from a command prompt if necessary
Run the command echo %REQUESTS_CA_BUNDLE% to verify it set correctly

If option 1 doesn’t work, then you’ll need local admin permissions on your workstation to perform the following steps.

Open Notepad with Administrative Rights
File > Open and navigate to: C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem
Open your my_root.cer file in another Notepad and copy the entire contents
Paste the certificate to the bottom of the cacert.pem file
Open your my_intermediate.cer file in another Notepad and copy the entire contents if necessary
Paste the certificate to the bottom of the cacert.pem file