Open DigNative opened 3 years ago
"CAcerts" (or Certificate Authority Certificates. I didn't come up with the name.) are usually generated by which ever Certificate Authority validates your TLS. If you use self-signed certificates, you can generate them yourself. Or you can use a service like LetsEncrypt to get a free TLS certificate for a given server. Using random cacerts.pem is probably not a very good idea.
I don't know how you're currently configured. Normally the sync server isn't handling TLS connections directly. (Python doesn't really do a very good job of being efficient with TLS connections, so we usually recommend running something like Apache or Nginx as a "front end" to handle the secure connection, then hand off to the SyncServer internally.)
If you want to use TLS, you'll still have to configure that yourself, however it will be far easier to use automated tooling.
I am observing the following issue when using the Firefox Sync Server (bfbc3abd36ee4db70df13a9c43f7758a1528c965):
It seems like the
cacert.pem
for therequests
module is missing. I tried to copy over thecacert.pem
to be found in./local/lib/python2.7/site-packages/certifi/cacert.pem
to./local/lib/python2.7/site-packages/requests/cacert.pem
, which seems to fix the issue in a quick and dirty way (I am not sure of any possible side effects).