All Products
Search

This Product

    Alibaba Cloud SDK:Configure HTTPS and TLS settings in the SDK

    Document Center

    Alibaba Cloud SDK:Configure HTTPS and TLS settings in the SDK

    Last Updated:Apr 05, 2026

    This guide describes how to configure HTTPS, TLS certificate validation, and custom CA certificates for the Alibaba Cloud SDK V1.0 for Python. Use these settings to secure your API calls and manage connections in specific network environments.

    Understand the V1.0 SDK defaults

    The legacy V1.0 SDK has different default behaviors than V2.0 SDKs:

    • Default protocol is HTTP: Unlike V2.0 SDKs, the V1.0 SDK defaults to using the insecure HTTP protocol. You must explicitly enable HTTPS for each request.

    • Certificate validation is on by default: When you enable HTTPS, the SDK automatically validates the server's TLS certificate.

    Set the request protocol

    Because the SDK defaults to HTTP, you must enable HTTPS on a per-request basis to ensure your data is encrypted in transit.

    from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest
from aliyunsdkcore.client import AcsClient

# Initialize the client.
# For credential setup, see the V1.0 SDK documentation.
client = AcsClient(
    region_id='<region_id>',  # The region ID.
)

request = DescribeInstancesRequest()
# This example overrides the secure default to use HTTPS.
request.set_protocol_type('https') 

client.do_action_with_exception(request)

    Disable TLS certificate validation

    Important

    Disabling certificate validation is a security risk. Only use this option for testing in trusted environments. Never disable certificate validation in production code.

    You can disable certificate validation at the client level by setting the verify parameter to False during initialization.

    from aliyunsdkcore.client import AcsClient

# Initialize the client.
# For credential setup, see the V1.0 SDK documentation.
client = AcsClient(
    region_id='<region_id>',  # The region ID
# This option skips certificate validation for a single API call.
    verify=False 
)

    Use a custom CA certificate

    If you are in a corporate network that uses a proxy with its own certificate, you may need to provide a custom Certificate Authority (CA) bundle. You can do this by passing the path to your CA certificate file (.pem format) to the verify parameter.

    from aliyunsdkcore.client import AcsClient

# Initialize the client.
# For credential setup, see the V1.0 SDK documentation.
client = AcsClient(
    region_id='<region_id>',  # The region ID
    verify='./cacert.pem'  # The path to your CA certificate file
)