SSL decryption issue with PIP

Reply
Highlighted
L3 Networker

SSL decryption issue with PIP

I have added the URL to the exception list with no luck. Any suggestions?

 

C:\Users\Steven Williams\AppData\Local\Programs\Python\Python38>pip install Flask-SQLAlchemy
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/flask-sqlalchemy/
Could not fetch URL https://pypi.org/simple/flask-sqlalchemy/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/flask-sqlalchemy/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))) - skipping
ERROR: Could not find a version that satisfies the requirement Flask-SQLAlchemy (from versions: none)
ERROR: No matching distribution found for Flask-SQLAlchemy
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))) - skipping

C:\Users\Steven Williams\AppData\Local\Programs\Python\Python38>

Highlighted
L3 Networker

Hello @Stevenjwilliams83 

Can you verify the issue is caused by the decryption with browsing the URL https://pypi.org/ in your browser and check the certificate. It could also be, that the firewall does not grant the access, and presents an error page (which is signed with your own certificate, hence the ssl error).

Highlighted
L3 Networker

I can browse to the site fine. The firewall allows it because I can do it when no SSL decrypt policy is enabled.

 

What am I looking for in the cert to see what the issue is?

 

Highlighted
L3 Networker

Looks like this may be the issue:

 

https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-...

 

Seems pypi uses their own certs and not operating system certs. Also sees adding that URL is not the end all be all. I will have to probably do some wiresharking to figure all the sites out. 

Highlighted
L3 Networker

Still no dice on this one. I am not sure what the issue is really. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!