The systemtruststores project tracks efforts to make programming languages work with TLS certificates from your operating system’s native truststore.
If you’ve ever encountered a TLS error like this:
[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed:
unable to get local issuer certificate
Then system truststores can help you!
If you’re interested in the problem that they solve, or how language support can be implemented for them, read the in-depth Rationale.
The following languages (or their runtimes) have built-in support for the system truststore on the following platforms:
On macOS the truststore is the Keychain.
| Language | System truststore support? | Default behavior? | Since | How to use |
|---|---|---|---|---|
| Deno | Yes | No | v1.13.0 | Guide |
| Go | Yes | Yes | v1.3 | Guide |
| Java | Partial | No | Before Java 8 | Guide |
| .NET | Yes | Yes | v2.0.0 | Guide |
| Swift | Yes | Yes | v1 | Guide |
On Windows the truststore is the Windows Certificate Store.
| Language | System truststore support? | Default behavior? | Since | How to use |
|---|---|---|---|---|
| Deno | Yes | No | v1.13.0 | Guide |
| Go | Yes | Yes | v1.3 | Guide |
| Java | Partial | No | Before Java 8 | Guide |
| .NET | Yes | Yes | v1 | Guide |
| Swift | Yes | Yes | v1 | Guide |
Linux distributions don’t have a truststore API like the platforms above. See the Rationale for more details.
The following languages require you to install a library that connects to the system truststore:
| Language | Library | Status |
|---|---|---|
| Node | node-native-certs | Work In Progress |
| Python | truststore | Work In Progress |
| Rust | rustls-native-certs | Stable |
Don’t see your favourite language in the lists above? Want to change something in the guides? You can help to improve this site by opening an Issue or Pull Request on GitHub: systemtruststores/systemtruststores.github.io.