SSL: CERTIFICATE_VERIFY_FAILED when trying to download artifact from maven repository

I’m in the process of trying to add windows support for travis for the graalvm/mx repo:

So far it’s going pretty well, but I seem to be running into a problem where we’re trying to download a .jar file from maven central, but it’s failing to verify the SSL certificate:

Note that this works fine when running on my local machine, or on linux:

The build script required to reproduce is:

os: windows
language: shell
  - choco install python2 -y
  - export PATH=$PATH:/c/Python27
script: python -c 'import urllib2; print urllib2.urlopen("")'

Which is showing the following error:

urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

I think this is being caused by a missing SSL certificate in the windows environment?

I’m not sure how I should install such a certificate, most of the tutorials I’ve found tell me to use the GUI tool, but I don’t think that’s an option, since the travis script uses shell commands. As far as I can tell the command line tool to do the same is certutil, but I don’t know what the right incantation is.

I’m very inexperienced with dealing with SSL certificates, so my questions are:

  • Am I even looking in the right place?
  • How should I add the SSL certificate for the URL I’m trying to access?


I’ve tried turning off verification by setting PYTHONHTTPSVERIFY=0 in before_install, but I’m still getting the same error.

Seems similar to: Which seems to have been a container issue. Something about TLSv1.2 not being accessible?