0

I am getting an environment ready to use Python within my corporate network. I believe due to the fact that we use SSL interception on our firewalls, python is not trusting the certificate that is being presented during the install. We use Palo Alto firewalls and if you inspect any SSL web sites you'll see that the firewall is the signing certificate for all the SSL websites. This is a windows workstation and the CA certificates are trusted within the windows cert store. When I run the command

python -m pip install --upgrade pip

I get this error

PS U:\code> python -m pip install --upgrade pip
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)'))': /simple/pip/
Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)'))': /simple/pip/
Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)'))': /simple/pip/
Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)'))': /simple/pip/
Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)'))': /simple/pip/
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)'))) - skipping
Requirement already up-to-date: pip in c:\program files (x86)\python37-32\lib\site-packages (10.0.1)
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)'))) - skipping

I'm not sure if there's a tag to put at the end. I saw a similar question but I don't think it's related to the specific certs being used by the repository url.

link here

Any help is appreciated. Thank you!

Armali
  • 18,255
  • 14
  • 57
  • 171
jbla9028
  • 11
  • 1
  • 4

1 Answers1

1

You are behind a proxy, pip is unable to reach the python package index due to this. If your company operates a dedicated pypi clone you will have to alter the pip.ini file located at C:\Users\<you>\AppData\Roaming\pip\pip.ini. If it does not already exist, make one and use this information:

[global]
index-url = your company url
cert = location of your certs (ask IT
[search]
index = your company url

this url is usually some kind of artifactory.

vencaslac
  • 2,727
  • 1
  • 18
  • 29