Monday, 3 October 2022

ZScaler and Python

I encountered an issue where my organisation removed the permissions for me to be able to disable the ZScaler client on my desktop, and all my Python scripts stopped working.

They would throw this error.

Traceback (most recent call last):
  File "./myScript.py", line 798, in <module>
    main()
  File "./myScript.py", line 788, in main
    doSomething()
  File "./myScript", line 175, in report_all_compute
    instances = oci.pagination.list_call_get_all_results(compute.list_instances,compartment_id=compartment.id)
  File "/python/.venv/lib/python3.6/site-packages/oci/pagination/pagination_utils.py", line 205, in list_call_get_all_results
    for response in list_call_get_all_results_generator(list_func_ref, 'response', *list_func_args, **list_func_kwargs):
  File "/python/.venv/lib/python3.6/site-packages/oci/pagination/pagination_utils.py", line 274, in list_call_get_all_results_generator
    call_result = retry.DEFAULT_RETRY_STRATEGY.make_retrying_call(list_func_ref, *list_func_args, **list_func_kwargs)
  File "/python/.venv/lib/python3.6/site-packages/oci/retry/retry.py", line 308, in make_retrying_call
    response = func_ref(*func_args, **func_kwargs)
  File "/python/.venv/lib/python3.6/site-packages/oci/core/compute_client.py", line 7885, in list_instances
    api_reference_link=api_reference_link)
  File "/python/.venv/lib/python3.6/site-packages/oci/base_client.py", line 477, in call_api
    response = self.request(request, allow_control_chars, operation_name, api_reference_link)
  File "/python/.venv/lib/python3.6/site-packages/oci/base_client.py", line 598, in request
    raise exceptions.RequestException(e)
oci.exceptions.RequestException: (MaxRetryError("OCIConnectionPool(host='iaas.uk-london-1.oraclecloud.com', port=443): Max retries exceeded with url: /20160918/instances?compartmentId=myCompartmentID (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))",), 'Request Endpoint: GET https://iaas.uk-london-1.oraclecloud.com/20160918/instances See https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_troubleshooting.htm for help troubleshooting this error, or contact support and provide this full error message.')

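The basic problem is that Python doesn't know about the ZScaler certificate chain: those certificates are not in the CA bundle Python uses to verify HTTPS connections, so verification fails.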

If your organisation uses ZScaler, any URL you visit will show a ZScaler certificate. To see it, click on the padlock icon next to the URL in your browser.


Click on the Details tab and extract all three ZScaler certificates.

Now look for your Python certificate store: run Python and ask it where it is stored.

python
Python 3.6.9 (default, Mar 15 2022, 13:55:28)
[GCC 8.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import certifi
>>> certifi.where()
'/python/.venv/lib/python3.6/site-packages/certifi/cacert.pem'

Append the new certificate PEM files to the end of this file and all will magically start working.
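The append step can be scripted so that it is safe to repeat. The following is an added example, not code from the original post: it appends only certificates that are not already in the bundle (compared by SHA-256 of the decoded certificate) and keeps one copy of the untouched file. The names append_missing and fingerprints, the ".orig" backup suffix and the comment label are assumptions made for this example.

```python
import hashlib
import os
import re
import shutil
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def fingerprints(pem_text):
    """Return {sha256-of-DER: PEM block} for every certificate in pem_text."""
    found = {}
    for block in PEM_RE.findall(pem_text):
        der = ssl.PEM_cert_to_DER_cert(block)
        found[hashlib.sha256(der).hexdigest()] = block
    return found


def append_missing(bundle_path, extra_pem_text, label="ZScaler, added locally"):
    """Append certificates the bundle lacks; return how many were added."""
    with open(bundle_path, encoding="utf-8") as fh:
        present = fingerprints(fh.read())
    missing = [pem for fp, pem in fingerprints(extra_pem_text).items()
               if fp not in present]
    if not missing:
        return 0
    backup = bundle_path + ".orig"
    if not os.path.exists(backup):      # keep one copy of the untouched bundle
        shutil.copy2(bundle_path, backup)
    with open(bundle_path, "a", encoding="utf-8") as fh:
        for pem in missing:
            fh.write("\n# {}\n{}\n".format(label, pem))
    return len(missing)


if __name__ == "__main__":
    import sys
    import certifi  # the bundle location is whatever certifi.where() reports
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            added = append_missing(certifi.where(), fh.read())
        print("{}: {} certificate(s) added".format(path, added))
```

Run it with the exported PEM files as arguments, using the same interpreter (or virtualenv) as the failing scripts. Upgrading certifi or rebuilding the virtualenv replaces cacert.pem, so the script has to be run again afterwards.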

Happy hacking.