Python/pip behind corporate firewall

Wed Mar 10 21:15:41 UTC 2021

On Wed, Mar 10, 2021 at 4:05 PM Tong Sun <suntong001 at gmail.com> wrote:
>
> Our corporate firewall, Zscaler, is blocking my `pip install`.
>
> Anyone has a similar situation?
>
> I've already installed pipsi & py37-certifi:
>
> ```
> sudo port -N install pipsi py37-certifi
>
> $ python -m certifi
> /opt/local/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/certifi/cacert.pem
> ```
>
> and I've also update the Zscaler certificate into this CA Store,
>
> cat ZscalerRootCertificate-2048-SHA256.crt >> $(python -m certifi)
>
> as per https://community.zscaler.com/t/installing-tls-ssl-root-certificates-to-non-standard-environments/7261
>
> but still, I can't pip install anything. For e.g.:
>
> $ sudo -H pip3 install --upgrade certifi
> WARNING: Retrying (Retry(total=4, connect=None, read=None,
> redirect=None, status=None)) after connection broken by
> 'SSLError(SSLCertVerificationError(1, '[SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get
> local issuer certificate (_ssl.c:1123)'))': /simple/certifi/

Found it,

sudo -H pip3 -v install --upgrade certifi --trusted-host pypi.org
--trusted-host files.pythonhosted.org