Add Zscaler CA root certificate to Python under Windows to solve the problem of Pip SSL access error

Enterprise 2021-03-29 17:22:37 views: null

The company has deployed Zscaler, and all internet traffic is proxied through Zscaler to ensure data security. One problem is that the traffic of Python access is transferred to Zscaler, and the certificate error will be prompted.

  • The error message is as follows

pip install requests
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))': /simple/requests/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))': /simple/requests/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))': /simple/requests/

  • The temporary solution is as follows. Add the --trusted-host parameter to pip so that the certificate verification can be ignored, but a warning will still be generated.

pip install requestes --trusted-host pypi.org --trusted-host files.pythonhosted.org
Collecting requestes
 Downloading requestes-0.0.1.tar.gz (1.4 kB)
Using legacy 'setup.py install' for requestes, since package 'wheel' is not installed.
Installing collected packages: requestes
   Running setup.py install for requestes ... done
Successfully installed requestes-0.0.1
WARNING: You are using pip version 20.2.3; however, version 21.0.1 is available.
You should consider upgrading via the 'c:\program files\python39\python.exe -m pip install --upgrade pip' command.

  • The solution once and for all is to add the root certificate of the proxy server to Python's Cert Store, the method is as follows

Python on Windows automatically includes PIP and Certifi, which are the default certificate bundles used for certificate verification.

Obtain the Zscaler Proxy CA root cert and import it into ""C:\Program Files\Python39\Lib\site-packages\pip\_vendor\certifi\cacert.pem"" to solve the problem.

Depending on the version of python installed, the path may be slightly different.

If you execute pip again to install third-party modules, no error will be reported.

image.png


Guess you like

Origin blog.51cto.com/sky2133/2676295
Recommended
Ranking
[Algorithm] greedy _ program scheduling issues
Spring 控制反转(IOC)
Data structure-6.6 figure
Indicates that the class or member method has abstract properties
Huawei v5 server installed Linux operating system
Postgresql source code analysis - creating ordinary tables
Chapter 10 Evaluation Classification Results
Cloud service Ubuntu 20.04 version uses Nginx to deploy static web pages
Java Exercise 17.1
Solve the problem that git cannot automatically push submission in IDEA Push failed: Failed with error: Could not read from remote repository.
Daily
More
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)

Code World

© 2018 codetd.com