SSL handshake error with some Azure CLI commands

Due to you were using Windows not Linux or MacOS, please try to use set instead of export to set the environment variables in PowerShell, as below, then to run the azure cli command for Key Vault again.

set ADAL_PYTHON_SSL_NO_VERIFY=1set AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1

And for the command export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt on Linux, I think you can refer to the SuperUser thread https://superuser.com/questions/217719/what-are-the-windows-system-certificate-stores to run a powershell window as administrator (right click on the PowerShell shortcut and select Run as administrator to run).

However, as you said about in bash with PowerShell, it sounds like you open a bash shell session of Windows Subsystem for Linux or like Git Bash from PS: prompt, which described fuzzily that I can not understand for your operations, please post more details about it, and I don't think it's a good practice to use PowerShell with bash nested.

I've updated this with my comment from https://github.com/Azure/azure-cli/issues/5099

@rzand 's process was the only one that worked for me, I'll expand on his solution though as there were extra steps required. All from elevated Shells

1. "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python" -m pip install --upgrade pip
2. "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\Scripts\pip" install python-certifi-win32
3. Add the Cloud services root CA to cacert.pem exported from the downloaded certificate. I specifically needed Microsoft IT TLS CA 5 and the "Baltimore CyberTrust Root" from that cert. Simply open the certs in text editor and append the contents to the bottom of C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem
4. Add the Self-signed certificate given to you by the network team. Simply open the cert in text editor and append the contents to the bottom of C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem
5. Set the system/environment variable in Command prompt setx /m REQUESTS_CA_BUNDLE "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem"
6. Set the system/environment variable in Powershell $env:REQUESTS_CA_BUNDLE="C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem"
7. Close and open Bash / Command Prompt

FINALLY no errors. I can even retrieve Key Vault secrets

Running just the below two commands, fixed the issue for me

"C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python" -m pip install --upgrade pip"C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Scripts\pip" install python-certifi-win32

In my case the issue was seen due to invoking a Azure CLI command behind a company proxy.