Windows下添加Zscaler CA根证书到Python，解决Pip SSL访问报错问题

公司部署了Zscaler, 所有的internet traffic都通过Zscaler代理以保证数据安全。带来的一个问题就是，Python访问的流量被中转到了Zscaler，会提示证书报错。

报错信息如下

pip install requests
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))': /simple/requests/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))': /simple/requests/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))': /simple/requests/

临时解决方案如下，添加 --trusted-host参数给pip，这样可以忽略证书验证，但是仍然会产生警告。

pip install requestes --trusted-host pypi.org --trusted-host files.pythonhosted.org
Collecting requestes
Downloading requestes-0.0.1.tar.gz (1.4 kB)
Using legacy 'setup.py install' for requestes, since package 'wheel' is not installed.
Installing collected packages: requestes
Running setup.py install for requestes ... done
Successfully installed requestes-0.0.1
WARNING: You are using pip version 20.2.3; however, version 21.0.1 is available.
You should consider upgrading via the 'c:\program files\python39\python.exe -m pip install --upgrade pip' command.

一劳永逸的解决方法是添加代理服务器的根证书到Python的Cert Store，方法如下

Windows上的Python自动包含PIP和Certifi，这是用于证书验证的默认证书捆绑包。

获取Zscaler Proxy CA root cert并导入到 ""C:\Program Files\Python39\Lib\site-packages\pip\_vendor\certifi\cacert.pem""即可解决问题。

根据安装的python版本的不同，路径可能有些许不同。

再次执行pip安装第三方模块就不会报错了。

每一份赞赏源于懂得

赞赏

0人进行了赞赏支持

每一份赞赏源于懂得

更多相关文章

随机推荐