Installing Zscaler Certificate to Anaconda3

After the obligatory installation of Zscaler through out the Company my Anaconda started giving me the SSL verification Error while installing modules and using requests to get the urls

Error(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)'))': /simple/'some_module'/

SSLError: HTTPSConnectionPool(host='www.amazon.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

With Zscaler being turned off it all works great, but the company policy does not allow that.....

I found some bypasses like setting verify to False but it is not what I want.

I would like to install the Zscaler certificate (which was provided to me by our IT department) to Anaconda

Now the problem seems to be that it uses conda’s generic certificates.

import ssl
print(ssl.get_default_verify_paths())

Output : DefaultVerifyPaths(cafile=None, capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='C:\ci\openssl_1581353098519\_h_env\Library/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='C:\ci\openssl_1581353098519\_h_env\Library/certs')

Any idea what could I possibly do to point conda to the Zscaler certificate that I have??

system inf: Windows 10, Anaconda3 -2020.02, Python 3.7

Thanks a lot in advance

What you can do is :

1. Open a browser and go to www.google.com
2. Next to the reload page button, you will see a lock (see picture below). click on it
3. Click on : Certificate
4. Click on the tab: Certification Path
5. Select Zscaler Root CA5 and the click on View Certificate button
6. Click on the tab: Details and then click on Copy to file button
7. Export the certificate choosing the base-64 encoded X.509 (.CER)
8. Choose a path where to save the file
9. Open Anaconda Prompt
10. conda config --set ssl_verify path_of_the_file_that_you_just_saved