Skip to content

Instantly share code, notes, and snippets.

@in03

in03/packet-inspection-pip-fix.md

Created July 5, 2023 04:27
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save in03/49b4a0e0ecfccecc1ac87c07d70ec104 to your computer and use it in GitHub Desktop.
Save in03/49b4a0e0ecfccecc1ac87c07d70ec104 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
packet-inspection-pip-fix.md

Pip won't install because of packet-inspection CA Cert Re-signing SSL errors? Gosh!

Problem

Packet inspection re-signs all SSL conections with Citipointe's own self-signed CA certificate. Pip doesn't recognise the certificate and fails each download request with a nice SSL error:

connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)

You won't be able to install anything with pip unless you ignore SSL certificates with --trusted-host each time. No good!

Solution

`pip install pip-system-certs config --trusted-host pypi.org --trusted-host files.pythonhosted.org`

This installs pip-system-certs-config with pip temporarily forced to trust pypi domains. pip-system-certs-config will automatically configure pip to trust CA certificates that the host system already trusts.

Source

StackOverflow: How to add a custom CA Root certificate to the CA Store used by pip in Windows?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment