Certificate problem

Hi,

With this command:
viktor-cli.exe install ballast-nedam-heibaarheidsanalyse-viktor

I get the next messages:
Looking in indexes: https://ajp.van.dam%40ballast-nedam.nl:@developers.viktor.ai/api/v1/packages/
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)’))’: /api/v1/packages/viktor/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)’))’: /api/v1/packages/viktor/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)’))’: /api/v1/packages/viktor/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)’))’: /api/v1/packages/viktor/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)’))’: /api/v1/packages/viktor/
Could not fetch URL https://ajp.van.dam%40ballast-nedam.nl:
@developers.viktor.ai/api/v1/packages/viktor/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host=‘developers.viktor.ai’, port=443): Max retries exceeded with url: /api/v1/packages/viktor/ (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)’))) - skipping
ERROR: Could not find a version that satisfies the requirement viktor==12.7.0 (from versions: none)
ERROR: No matching distribution found for viktor==12.7.0C:\Viktor\viktor-app-starter>viktor-cli.exe start ballast-nedam-heibaarheidsanalyse-viktor --max-memory=500
A newer version of viktor-cli is available. Use the command ‘viktor-cli.exe upgrade’ to upgrade from v0.10.0 to v0.18.1
Traceback (most recent call last):
File “”, line 1, in
ModuleNotFoundError: No module named ‘connector’

Wat is going wrong?

Hi Rino,

Welcome back to the community!

I see that you are currently using quite an old version of the CLI. I think it is a good idea to first update to the latest version and check if the problem persists.

viktor-cli upgrade

From the error message I think that you are currently behind a proxy from your company that inserts a self-signed root certificate:

Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)’))

Can you check if this is indeed the case?

  1. Open your browser and go to https://google.com
  2. Find the issuer of the certificate. Click the locker icon near the address bar, click ‘Connection is secure’. Firefox will show the CA behind ‘verified by:’. If you are using Chrome you will need to click ‘Certificate is valid’ to show certificate information.
  3. If the CA has the name of your proxy (e.g. Zscaler) instead of a known certification authority (Google Trust Services, DigiCert, Verisign, etc.), that means that your proxy has modified the certification chain.

A possible solution can be found here. Taking the second approach is probably easiest. Please note that this solution is only available if you use Python virtual environments as isolation mode (venv) instead of Docker, for this you will need to reconfigure your CLI as explained here.

Hi Rino, did Raouls solution fix your issue?

Hi Kevin,

The solution from Raoul to upgrade viktor-cli doesn’t fix the problem.
I can check the CA in the browser but don’t know what to do with it.

I also reconfigured viktor-cli to the new developer environment.
I still get the certificate errors.

Can reconfiguring viktor-cli to venv instead of docker fix this problem?

Hi Rino,

You can try to follow the instructions below the CLI upgrade part of my reply. The link points to a part of the documentation that gives a solution for self-signed certificates. You will indeed need to reconfigure to venv to get it to work. Your IT department should also be able to help you set this up correctly.

From the error message I think that you are currently behind a proxy from your company that inserts a self-signed root certificate.

Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)’))

Can you check if this is indeed the case?

  1. Open your browser and go to https://google.com
  2. Find the issuer of the certificate. Click the locker icon near the address bar, click ‘Connection is secure’. Firefox will show the CA behind ‘verified by:’. If you are using Chrome you will need to click ‘Certificate is valid’ to show certificate information.
  3. If the CA has the name of your proxy (e.g. Zscaler) instead of a known certification authority (Google Trust Services, DigiCert, Verisign, etc.), that means that your proxy has modified the certification chain.

A possible solution can be found here . Taking the second approach is probably easiest. Please note that this solution is only available if you use Python virtual environments as isolation mode (venv) instead of Docker, for this you will need to reconfigure your CLI as explained here .

Hi Raoul,

I configured viktor-cli to venv, and inserted a new generated token.
As told in the doc following the link to the second approach.
With ‘viktor-cli.exe install --app-dir ballast-nedam-heibaarheidsanalyse-viktor’ I still get the certificate errors.
An action for me?
Or an action for ICT?

Hi Rino,

Did you try this solution:

Install the Python package pip-system-certs. This package patches Python at runtime to use the certificates from the system store instead of using the bundled certificates. It might be necessary to use the following flags when installing the pip-system-certs package with pip to prevent SSL errors: --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org

You can install the pip-system-certs with your system Python / pip (e.g. pip install pip-system-certs --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org in the command prompt). This will patch the certs from your system certificate store to be used with pip, so this should fix the self-signed certificate error. If it doesn’t fix it, it is problably best to contact your IT department to assist you with this problem.

Hi Raoul,

The pip-system-certs solution doesn’t fix the problem.
I contact our IT department.
Thanks for your support.
If it works, I let you know.