Comment 22 for bug 1924816

Hi Paul,

To fix the current issue, there are 2 ways:

1) add "/etc/ssl/certs/ca-certificates.crt" as `verify` arg to keystoneclient.Session
2) set env var export REQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"

For 1), it will only affect the requests usage in keystoneclient.
For 2), it will change the requests behavior all over the charm.

Considering we may also being using/will use requests in other places in this charm, I have chosen 2) as the solution. The patch is merged by xav into master, but not released to mainline yet:

https://code.launchpad.net/~guoqiao/charm-openstack-service-checks/+git/charm-openstack-service-checks/+merge/402381

Also, I have released it as cs:~llama-charmers-next/openstack-service-checks-12.
So, in addition to modifying `venv/.../certifi/core.py`, the other workaround is to switch charm temporarily to this uri.