Packet inspection re-signs all SSL conections with Citipointe's own self-signed CA certificate. Pip doesn't recognise the certificate and fails each download request with a nice SSL error:
connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
You won't be able to install anything with pip unless you ignore SSL certificates with
--trusted-host
each time.
No good!
`pip install pip-system-certs config --trusted-host pypi.org --trusted-host files.pythonhosted.org`
This installs pip-system-certs-config
with pip temporarily forced to trust pypi domains.
pip-system-certs-config
will automatically configure pip to trust CA certificates that the host system already trusts.
StackOverflow: How to add a custom CA Root certificate to the CA Store used by pip in Windows?