SSL: CERTIFICATE_VERIFY_FAILED certificate verify failed: unable to get local issuer certificate (_ssl.c:1056) in Windows Container Python


Im running Python scripts inside a windows container and encounter the following error

ServiceRequestError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)

I am using the following from import BlobServiceClient

Container Base Image — python3.7.2windows:ltsc2019-202302

Issue doesn’t happen on my local machine

What I have tried:

  • used latest certifi package version pip install --upgrade certifi
  • Enabled Port 80 (TCP) , Port 443 (TCP) in the Azure Container Instance


It turns out the Windows Container Image i used does not have the Trusted Root Certificates.

How i fixed it:

  1. On my local machine – Run MMC ( Microsoft Management Console). File>Add/Remove Snap In> Certificates
  2. Look for the certificate(s) that is related to the error
    In my case i found it in the /Trusted Root Certification Authorities folder
  3. Export those certificate(s)( in my case i used .cer format) and added them in a folder inside my solution.
  4. The .cer files are then imported when building the windows container image

Here are the Dockerfile – Powershell commands that I used to import for both LocalMachine and CurrentUser Certificate Stores.

RUN Import-Certificate -FilePath "MySolutionCertificateFolderExportedCertificate.cer" -CertStoreLocation cert:LocalMachineRoot

RUN Import-Certificate -FilePath "MySolutionCertificateFolderExportedCertificate.cer" -CertStoreLocation cert:CurrentUserRoot