(Encountered with customer)
RHEL 7.4 (and CentOS 7.4 whenever it is released) provides the following:
By default, all certificates are fully checked when using Python libraries such as urllib2.
We auto-generate the internal certificate during bootstrap. Therefore, any Python-based HTTPS request to any HTTPS resource internally, which does not explicitly provide the cert as a trusted cert, will fail.
Temporary workaround: edit /etc/python/cert-verification.cfg and change the following line: