The certparameter is for client-side authentication. If you wanted to prove your identity to the server. If this was the problem you would get an error on the server.

该cert参数用于客户端身份验证。如果您想向服务器证明您的身份。如果这是问题，您将在服务器上收到错误消息。

What you need is server-side authentication. The server has to prove it's identity. As your are connecting to an internal server requests doesn't have this server certificate in it's supplied bundle and therefore can't confirm the servers identity. You have to supply requests with your internal CA-bundle. To do this you have to extract it from your browser first.

您需要的是服务器端身份验证。服务器必须证明它的身份。由于您正在连接到内部服务器，请求在其提供的包中没有此服务器证书，因此无法确认服务器身份。您必须使用内部 CA 包提供请求。为此，您必须先从浏览器中提取它。

From the docs:

从文档：

You can also pass "verify" the path to a "CA_BUNDLE" file for private certs.
You can also set the "REQUESTS_CA_BUNDLE" environment variable.

Chrome (short version):

铬（短版）：

• Put this in your URL-bar chrome://settings/certificates
• Choose tab "Authorities"
• Find your internal CA and click export
• Best format is "Base64 encoded certificate chain"
• save to a location where you will find it again
• now you can use `request.get(url, verify=)

• 把它放在你的网址栏中 chrome://settings/certificates
• 选择选项卡“权限”
• 找到您的内部 CA 并单击 export
• 最佳格式是“Base64 编码的证书链”
• 保存到您可以再次找到它的位置
• 现在你可以使用`request.get(url, verify=)

You can also visit the certificate manager by:

您还可以通过以下方式访问证书管理器：

(Steps for chrome, quite similar for other browsers)

（chrome的步骤，其他浏览器非常相似）

• Go to settings
• Click "Show advanced settings" at the bottom
• HTTPS/SSL -> "Manage Certificates"
• See above

• 前往设置
• 点击底部的“显示高级设置”
• HTTPS/SSL ->“管理证书”
• 看上面

Make sure when you export the crt, to select in the file type save as dropdown "export with chain" - so that it will have all three certs in one. That was my issue.

确保在导出 crt 时，在文件类型中选择另存为下拉菜单“带链导出” - 以便它将所有三个证书合二为一。那是我的问题。