SSL decryption issue with PIP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

SSL decryption issue with PIP

L3 Networker

I have added the URL to the exception list with no luck. Any suggestions?

 

C:\Users\Steven Williams\AppData\Local\Programs\Python\Python38>pip install Flask-SQLAlchemy
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
Could not fetch URL https://pypi.org/simple/flask-sqlalchemy/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/flask-sqlalchemy/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))) - skipping
ERROR: Could not find a version that satisfies the requirement Flask-SQLAlchemy (from versions: none)
ERROR: No matching distribution found for Flask-SQLAlchemy
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))) - skipping

C:\Users\Steven Williams\AppData\Local\Programs\Python\Python38>

6 REPLIES 6

L4 Transporter

Hello @Stevenjwilliams83 

Can you verify the issue is caused by the decryption with browsing the URL https://pypi.org/ in your browser and check the certificate. It could also be, that the firewall does not grant the access, and presents an error page (which is signed with your own certificate, hence the ssl error).

I can browse to the site fine. The firewall allows it because I can do it when no SSL decrypt policy is enabled.

 

What am I looking for in the cert to see what the issue is?

 

Looks like this may be the issue:

 

https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-...

 

Seems pypi uses their own certs and not operating system certs. Also sees adding that URL is not the end all be all. I will have to probably do some wiresharking to figure all the sites out. 

Still no dice on this one. I am not sure what the issue is really. 

L1 Bithead

Hi everyone,

I also have this issue with Prisma Access, I do an exception and it works, but does anyone know if this is expected?

AnR

I would add DNSSniffer from Nirsoft to your toolbox as it has helped me out in countless occasions find troublesome FQDN's not obvious.  Not foolproof but works really well when dealing with inclusions/exclusions of FQDNs.

  • 9870 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!