Skip to main content
Applies to:
  • Plan -
  • Deployment -

Summary

Issue: Running Braintrust experiments fails with requests.exceptions.SSLError: SSLCertVerificationError when the SDK or CLI attempts to connect to www.braintrust.dev. Cause: A corporate proxy or SSL-inspection tool (e.g., Zscaler, Netskope) is injecting its own root CA, which Python’s trust store does not recognize. Resolution: Point Python’s requests library to your corporate CA bundle using environment variables or the Braintrust-specific CA cert option.

Resolution steps

If you are on a corporate network or VPN (including Azure VMs routed through a proxy)

Step 1: Obtain your corporate CA bundle

Contact your IT or security team and ask for the corporate root CA bundle (typically a .pem file).

Step 2: Set the CA bundle for Python requests

Export one of the following environment variables before running your experiment: 
export REQUESTS_CA_BUNDLE=/path/to/your-corporate-root-ca.pem
# or
export SSL_CERT_FILE=/path/to/your-corporate-root-ca.pem

Otherwise, if you are on a standard network with no corporate proxy. Verify your system trust store is current

Ensure your OS certificates are up to date and that Python can access the system trust store.

Notes

  • This is a client-side trust-store issue, not a problem with Braintrust’s servers.
  • REQUESTS_CA_BUNDLE and SSL_CERT_FILE affect all Python requests calls in the environment, not just Braintrust.