Azure CLI login not working, error: HTTPSConnectionPool(host='login.microsoftonline.com', port=443)
Error – HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /common/oauth2/devicecode?api-version=1.0 (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

Why?
The first time I saw this error was on one of my VDI desktops, and the first thing I checked was portal.azure.com and PowerShell login with Connect-AzAccount; both were working fine. I was trying the CLI because I wanted to test Terraform from my machine, and Terraform only supports CLI login.
Azure CLI is open source and built on Python, which offers good cross-platform capabilities compared to PowerShell. The cool thing about Azure CLI is that you can use it on pretty much all known platforms, such as macOS, Windows and Linux. Because it is a Python application, it validates TLS certificates against the certifi CA bundle shipped with the CLI (the cacert.pem file used in the fix below) rather than the Windows certificate store, which is why the portal and PowerShell can work while the CLI fails.
There are two scenarios where you might face this issue:
1> The VM/machine is behind a proxy, or an incorrect proxy is set on the VM.
2> There is a self-signed certificate on the VM/machine.
Solutions
If you don't know which of the two is causing the issue, I would suggest setting the proxy as well as adding the certificate to the CLI's trusted certificates.
Below are the steps to do so:
1> Set the proxy to the correct value, or to blank
set HTTPS_PROXY=http://proxy.jgr.cc
set HTTPS_PROXY=http://proxy.jgf.cc:80
OR
set HTTPS_PROXY=
set HTTPS_PROXY=
2> Add the self-signed certificate or CA certificate to the CLI's cacert.pem
Get the self-signed certificate or CA certificate and save it. Convert it to .pem so that you can open it in Notepad, and append the contents at the end of "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem"
Certutil can be used to convert .cer to .pem on Windows as below:
certutil -encode c:\cert\root.cer c:\cert\root.pem
Once you have the .pem file, simply open it in Notepad, copy the contents and append them at the end of "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem"
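The append in step 2 can also be scripted so that it is checked and repeatable. The following is an added example, not part of the original post: the function names `fingerprints` and `append_ca` are hypothetical, and it assumes the .pem came from `certutil -encode` as shown above. It rejects a file that was Base64-encoded twice (which happens when the .cer was already Base64), skips certificates already in the bundle, and keeps a backup of the bundle.

```python
import hashlib
import re
import ssl
import sys
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate block in pem_text."""
    found = []
    for block in PEM_BLOCK.findall(pem_text):
        der = ssl.PEM_cert_to_DER_cert(block)
        if der.lstrip().startswith(b"-----BEGIN"):
            # certutil -encode was run on a .cer that was already Base64 text.
            raise ValueError("double-encoded PEM: the input was already Base64")
        if not der.startswith(b"\x30"):
            # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
            raise ValueError("block does not decode to a DER certificate")
        found.append(hashlib.sha256(der).hexdigest())
    return found


def append_ca(bundle_path, cert_pem_path):
    """Append certificates not yet in the bundle; return how many were added."""
    bundle = Path(bundle_path)
    bundle_text = bundle.read_text(encoding="utf-8")
    cert_text = Path(cert_pem_path).read_text(encoding="utf-8")
    blocks = PEM_BLOCK.findall(cert_text)
    if not blocks:
        raise ValueError("no certificate block found in " + str(cert_pem_path))
    known = set(fingerprints(bundle_text))
    new = []
    for block, fp in zip(blocks, fingerprints(cert_text)):
        if fp not in known:
            known.add(fp)
            new.append(block)
    if new:
        # Keep a copy of the bundle as it was before this change.
        bundle.with_name(bundle.name + ".bak").write_text(bundle_text, encoding="utf-8")
        with bundle.open("a", encoding="utf-8") as fh:
            fh.write("\n# Added locally: corporate root / proxy CA\n")
            fh.write("\n".join(new) + "\n")
    return len(new)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: python add_ca.py <cacert.pem> <root.pem>")
    print(append_ca(sys.argv[1], sys.argv[2]), "certificate(s) added")
```

An upgrade or reinstall of the CLI can replace cacert.pem, so rerun the script afterwards; it adds nothing if the certificate is still present. Writing to the path under Program Files needs an elevated prompt, and the alternative that avoids touching that file is to keep your own bundle and point the REQUESTS_CA_BUNDLE environment variable at it.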