I faced the same problem on Mac OS X and with Miniconda. After trying many of the proposed solutions for hours I found that I needed to correctly set Conda's environment – specifically requests' environment variable – to use the Root certificate that my company provided rather than the generic ones that Conda provides.
I solved it using the information from the Conda docs:
- Open Chrome, go to any website, click on the lock icon on the left of the URL. Click on «Certificate» on the dropdown. In the next window you see a stack of certificates. The uppermost (aka top line in window) is the root certificate (e.g. Zscaler Root CA in my case, yours will very likely be a different one).
Image may be NSFW.
Clik here to view.
- Open Mac OS keychain, click on «Certificates» and choose among the many certificates the root certificate that you just identified. Export this to any folder of your choosing.
- Convert this certificate with openssl:
openssl x509 -inform der -in /path/to/your/certificate.cer -out /path/to/converted/certificate.pem- For a quick check set your shell to acknowledge the certificate:
export REQUESTS_CA_BUNDLE=/path/to/converted/certificate.pem- To set this permanently open your shell profile (
.bshrsor e.g..zshrc) and add this line:export REQUESTS_CA_BUNDLE=/path/to/converted/certificate.pem. Now exit your terminal/shell and reopen. Check again.
You should be set and Conda should work fine.
In newer versions of Keychain Access.app you can also change the export filetype to .pem and skip step 3.
