You can see what path openssl lib uses for certs
openssl version -a
Python packages often use the default cafile
$ python -c "import ssl; print(ssl.get_default_verify_paths())"
But note that there are other places packages could look even just based on the above.
SSL_CERT_DIR
SSL_CERT_FILE
This guy points out pip uses cafile (above) but you can set it to something else
$ pip config set global.cert <new_ca_file_path>
Requests package
uses certifi which has its own ca
$ python -c "import certifi; print(certifi.where())"
But it will also look in env var REQUESTS_CA_BUNDLE
This guy created certsync for OSX
someone said this export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem export REQUESTS_CA_BUNDLE=/usr/local/etc/openssl/cert.pem