how to do this step can anyone will help me? the step mentioned below.

1. Create a file named Package Control.user-ca-bundle and paste in a PEM-formatted version of the certificate

1. Open Command Palette
2. Enter Package Control: User CA bundle
3. Paste custom CA certificate into the opened file
4. Save and close it.

A PEM cert looks like …

-----BEGIN CERTIFICATE-----
some base62 encoded stuff
-----END CERTIFICATE-----

But from where should I get the certificate .Because the error showing in that command palette that:

"Package Control: Error downloading channel. HTTP exception InvalidCertificateException (Host packagecontrol.io returned an invalid certificate ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:548))) downloading https://packagecontrol.io/channel_v3.json."

If you are not a victim of a man-in-the-middle attack, the most likely reason for such verification failures is a network security appliance breaking up any encrypted connection, which breaks its trust chain.

What you need is the public CA certificate used to sign any re-encrypted connection, so Package Control can trust the modified trust-chain.

In corporate networks it is common to have such security systems, but those should also deploy required CA certificates to all end-points. Otherwise those wouldn’t be able to establish any HTTPS/TLS connecttion without being faced with certificate errors.

In case you are using a HTTPS proxy, you need to add its public key or a CA certificate used to sign it.

There is no general answer to the question of where to get it.