Using Shotgun Desktop behind an firewall with SSL introspection

Hi everyone,
If your local network is set up with a firewall that does packet inspection, you may get this error.

SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)

This is because these firewalls are often configured with a self-signed certificate that your network administrator created themselves and that Python does not have access to. Unfortunately, unlike other applications, Python does not always look inside the OS’s keychain for certificates, so you have to provide it yourself.

We’ve simplified this process for the Shotgun Desktop and the Python API by providing the SHOTGUN_API_CACERTS environment variable. This variable needs to point to a file on disk that contains the complete list of certificate authorities the Python API and Shotgun Desktop can trust.

You can download such a copy from the latest copy of the certifi package on Github. Once you’ve done this, you need to add the public key of your corporate firewall at the bottom of that file and save it.

Once this is done, simply set SHOTGUN_API_CACERTS environment variable to the path location, e.g. /opt/certs/cacert.pem and launch the Shotgun Desktop.

Hopefully this solves the problem!