Cato Networks Knowledge Base

How to Use Cato Certificate With Pip to Resolve CERTIFICATE_VERIFY_FAILED / Certificate Verify Failed Error

  • Updated

When TLS inspection is enabled, you may experience SSL certificate errors when attempting to utilize pip on a machine that is connected to the Cato Network. Although you may have the Cato Network Certificate installed on the same system you are running pip from, pip does not reference the systems SSL certificate store which results in an SSL error. You must use the --cert option with pip and point pip to the Cato certificate.

If you do not already have a copy of the Cato certificate on the system pip is being run from, please download it here:

https://myvpn.catonetworks.com/public/certificates/CatoNetworksTrustedRootCA.pem

You can utilize wget to obtain the certificate via the command line (below is a single line command with a single space between --no-check-certificate and the URL.)

wget --no-check-certificate 'https://myvpn.catonetworks.com/public/certificates/CatoNetworksTrustedRootCA.pem

You will need to save a copy of the file in a directory of your choosing and reference the certificate within your pip command. In the below example the certificate was saved in a newly created directory named "Cato" which is within the "/usr/local/share/ca-certificates/" directory.

Example:
pip --cert '/usr/local/share/ca-certificates/Cato/CatoNetworksTrustedRootCA.pem' install python




Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.