I’m trying to get started with a sandbox I’ve created but due to the way Zscaler is set up in my org, I’m not able to successfully create a weaviate client.
just following the quick setup tutorial, using the following code:
Is there any way I can connect to my sandbox (or any weaviate cloud instance) without SSL verification? I’ve tried setting custom certs in my environment, but nothing really seems to work.
I noticed there was a PR somewhere that attempted to add an “SSL verify false” function to the AdditionalConfig, but it doesn’t seem to be in the release version yet? Are there any other work arounds?
Indeed, we have faced this issue in the past with other users and tried to bypass the ssl verification, but this was not possible for the grpc calls, as far as I recall.
The underlying problem is that httpx, that is used by ou python client relies on certifi in order to provide the Root CA certs.
And certifi “provides Mozilla’s carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. It has been extracted from the Requests project.”
So when you have a SSL Proxy for eg. Zscaler, the client will not get the Root CA from OS certificate store, but use this curated collection from certifi, causing the certificate invalid error.
The solution, for now, is to “monkey patch” certifi Root CA certificates with your custom one, as stated here:
