I'm on Windows 10 Enterprise. The company has ZScaler installed, which is causing SSL validation failures when I'm attempting to connect to AWS & GitHub. The --no-verify-ssl flag forces things to work, but I'd prefer to configure the cert using --ca-bundle.

AWS CLI error

$ aws s3 ls s3://MYBUCKET/folder/
SSL validation failed for https://s3.us-east-2.amazonaws.com/MYBUCKET?list-type=2&prefix=folder%2F&delimiter=%2F&encoding-type=url [Errno 2] No such file or directory

Same issue for GitHub

$ git clone https://github.com/USERNAME/myproject.git
Cloning into 'myproject'...
fatal: unable to access 'https://github.com/USERNAME/myproject.git/': SSL certificate problem: unable to get local issuer certificate

My attempt to fix:

echo | openssl s_client -servername s3.us-east-2.amazonaws.com -connect s3.us-east-2.amazonaws.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > aws-s3-us-east-2.crt

openssl x509 -in aws-s3-us-east-2.crt -out aws-s3-us-east-2.pem

aws s3 ls s3://MYBUCKET/ --ca-bundle aws-s3-us-east-2.pem

Still results in error:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

Can I fix this myself or do I need some magical cert from our ZScaler admin?

Dave
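
An added example, not part of the original question: it reproduces the failure above offline by building a two-certificate chain locally and checking which bundle verifies. The names `Demo Inspection Root` and `s3.example.test` are constructed stand-ins for the proxy's root CA and the server.

```shell
# Added example: every key, certificate and name below is generated locally.
# "Demo Inspection Root" and "s3.example.test" are constructed stand-ins.

make_demo_chain() {                       # $1 = working directory
  local d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Inspection Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed root CA (plays the role of the inspecting proxy's root).
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Leaf signed by that root: the only certificate s_client prints
  # when -showcerts is not given.
  openssl req -new -config "$d/ca.cnf" -subj "/CN=s3.example.test" \
    -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Prints "trusted" if cert $2 chains to an anchor in bundle $1.
check_bundle() {
  if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
    echo trusted
  else
    echo untrusted
  fi
}

# Prints "root" when subject equals issuer (self-signed), else "not-root".
cert_kind() {
  local s i
  s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  if [ "$s" = "$i" ]; then echo root; else echo not-root; fi
}

work=$(mktemp -d)
make_demo_chain "$work"
echo "bundle=leaf only: $(check_bundle "$work/leaf.pem" "$work/leaf.pem"), $(cert_kind "$work/leaf.pem")"
echo "bundle=root CA:   $(check_bundle "$work/root.pem" "$work/leaf.pem"), $(cert_kind "$work/root.pem")"
rm -rf "$work"
```

With `-showcerts`, `openssl s_client` prints every certificate the server sends, which may or may not include the root.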

0 Answers