Giovanni Bricconi

Unfortunately, or fortunately depending from which point you look at the problem, here we have a tool installed on all pc that intercepts and filters all the http and https traffic, the idea is to prevent access to unwanted sites, places where there can be malware, non business related sites…

I still do not understand why I can access facebook from here, but anywhay this kind of tool is problematic when you try to use some developer tools that do something about security.

For instance I am trying to install pytorch, and to do that I need to install anaconda, and once done that I need to download many packages.

Anaconda is good at finding what you need to install, but it detects that there is this “man in the middle” tool that is spying all the traffic. It sees that there is something wrong in the signed certificates that are using with the tls connection.

Only option is to add this tool root certificate authority inside the trusted root certificates authority.

First step is to obtain the root ca certificates in pem format, you must save them as files ending with .crt extension

openssl s_client -showcerts -servername wikipedia.org -connect wikipedia.org:443

It will show the pem fcertificates chain, you need to pick the last one, that is the root certificate.

If you want to see the certificate content you can use

openssl x509 -in pem3.crt -text #where pem3 is the certificate I saved

I followed a tutorial on ubuntu, https://ubuntu.com/server/docs/security-trust-store. For the root user it works perfectly fine, but not for my user

finally with this command

curl-config --ca

I have been able to understand that the location used from curl and anaconda is not the one from the ubuntu os. anaconda must have installed some new version for its purposes and the curl with my account was not working.

So I linked

ln -s /etc/ssl/certs/ca-certificates.crt cacert.pem

inside

$HOME/anaconda3/ssl

and something magic happened, now I can use curl with the man in the middle tool.