Using Shotgun Desktop behind an firewall with SSL introspection

Hi everyone,
If your local network is set up with a firewall that does packet inspection, you may get this error.

SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)

This is because these firewalls are often configured with a self-signed certificate that your network administrator created themselves and that Python does not have access to. Unfortunately, unlike other applications, Python does not always look inside the OS’s keychain for certificates, so you have to provide it yourself.

We’ve simplified this process for the Shotgun Desktop and the Python API by providing the SHOTGUN_API_CACERTS environment variable. This variable needs to point to a file on disk that contains the complete list of certificate authorities the Python API and Shotgun Desktop can trust.

You can download such a copy from the latest copy of the certifi package on Github. Once you’ve done this, you need to add the public key of your corporate firewall at the bottom of that file and save it.

Once this is done, simply set SHOTGUN_API_CACERTS environment variable to the path location, e.g. /opt/certs/cacert.pem and launch the Shotgun Desktop.

Hopefully this solves the problem!

4 Likes

We have a corporate firewall that does SSL inspection.

I am using SHOTGUN_API_CACERTS to point to a .pem file on my windows hosts. Works great.

However, I just installed Flow Desktop 1.9.1 on a Mac, and trying the same thing, I cant get it to work.

Opened terminal
export SHOTGUN_API_CACERTS=/path/to/cacert.pem
however this isnt persistent between reboots.
Tried launching SG Desktop and still has the error.

So I did
nano ~/.zshrc
added SHOTGUN_API_CACERTS=/path/to/cacert.pem
rebooted, and still no go.
any ideas?