pypa · uranusjr · Feb 27, 2021 · Jan 20, 2021 · Jan 20, 2021 · Jan 20, 2021
diff --git a/docs/html/reference/pip_install.rst b/docs/html/reference/pip_install.rst
@@ -561,8 +561,12 @@ See the :ref:`pip install Examples<pip install Examples>`.
 SSL Certificate Verification
 ----------------------------
 
-Starting with v1.3, pip provides SSL certificate verification over https, to
-prevent man-in-the-middle attacks against PyPI downloads.
+Starting with v1.3, pip provides SSL certificate verification over HTTP, to
+prevent man-in-the-middle attacks against PyPI downloads. This does not use
+the system certificate store but instead uses a bundled CA certificate
+store. The default bundled CA certificate store certificate store may be
+overridden by using ``--cert`` option or by using ``PIP_CERT``,
+``REQUESTS_CA_BUNDLE``, or ``CURL_CA_BUNDLE`` environment variables.
 
 
 .. _`Caching`:

diff --git a/news/6720.doc.rst b/news/6720.doc.rst
@@ -0,0 +1 @@
+Improve SSL Certificate Verification docs and ``--cert`` help text.
diff --git a/src/pip/_internal/cli/cmdoptions.py b/src/pip/_internal/cli/cmdoptions.py
@@ -309,7 +309,12 @@ def exists_action():
     dest="cert",
     type="path",
     metavar="path",
-    help="Path to alternate CA bundle.",
+    help=(
+        "Path to PEM-encoded CA certificate bundle. "
+        "If provided, overrides the default. "
+        "See 'SSL Certificate Verification' in pip documentation "
+        "for more information."
+    ),
 )  # type: Callable[..., Option]
 
 client_cert = partial(
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Improve SSL Certificate Verification docs and ``--cert`` help text.