Certificate issues installing DepthAI on Windows

jremba

Hi, I am trying to get DepthAI running on Windows 10
As far as I can tell, I have successfully cloned the latest depthAI repo, and I am on the step where I go to the examples folder and run python install_requirements.py.
I am getting what seems to be certificates errors, I'll put some code snippet below.
Any help would be greatly appreciated!

$ python install_requirements.py

C:\Users\j\repos\DepthAI_repo\depthai-python\examples\install_requirements.py:20: SyntaxWarning: invalid escape sequence '\s'

return (len(string) != len(re.sub('[\s+]', '', string)))

pip 24.2 from C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\pip (python 3.12)

Requirement already satisfied: pip in c:\users\j\repos\depthai_repo\.venv\lib\site-packages (24.2)

Collecting pyyaml

Using cached PyYAML-6.0.2-cp312-cp312-win_amd64.whl.metadata (2.1 kB)

Collecting requests

Using cached requests-2.32.3-py3-none-any.whl.metadata (4.6 kB)

Collecting numpy<3.0

Using cached numpy-2.1.0-cp312-cp312-win_amd64.whl.metadata (59 kB)

Collecting opencv-python<5.0

Using cached opencv_python-4.10.0.84-cp37-abi3-win_amd64.whl.metadata (20 kB)

Collecting charset-normalizer<4,>=2 (from requests)

Using cached charset_normalizer-3.3.2-cp312-cp312-win_amd64.whl.metadata (34 kB)

Collecting idna<4,>=2.5 (from requests)

Using cached idna-3.8-py3-none-any.whl.metadata (9.9 kB)

Collecting urllib3<3,>=1.21.1 (from requests)

Using cached urllib3-2.2.2-py3-none-any.whl.metadata (6.4 kB)

Collecting certifi>=2017.4.17 (from requests)

Using cached certifi-2024.7.4-py3-none-any.whl.metadata (2.2 kB)

Using cached PyYAML-6.0.2-cp312-cp312-win_amd64.whl (156 kB)

Using cached requests-2.32.3-py3-none-any.whl (64 kB)

Using cached numpy-2.1.0-cp312-cp312-win_amd64.whl (12.6 MB)

Using cached opencv_python-4.10.0.84-cp37-abi3-win_amd64.whl (38.8 MB)

Using cached certifi-2024.7.4-py3-none-any.whl (162 kB)

Using cached charset_normalizer-3.3.2-cp312-cp312-win_amd64.whl (100 kB)

Using cached idna-3.8-py3-none-any.whl (66 kB)

Using cached urllib3-2.2.2-py3-none-any.whl (121 kB)

Installing collected packages: urllib3, pyyaml, numpy, idna, charset-normalizer, certifi, requests, opencv-python

Successfully installed certifi-2024.7.4 charset-normalizer-3.3.2 idna-3.8 numpy-2.1.0 opencv-python-4.10.0.84 pyyaml-6.0.2 requests-2.32.3 urllib3-2.2.2

Collecting depthai

Using cached depthai-2.28.0.0-cp312-cp312-win_amd64.whl.metadata (8.9 kB)

Using cached depthai-2.28.0.0-cp312-cp312-win_amd64.whl (11.1 MB)

Installing collected packages: depthai

Successfully installed depthai-2.28.0.0

################ Downloading calibration-sample ################

========== Downloading C:\Users\j\repos\DepthAI_repo\depthai-python\examples\models\depthai_calib.json

Traceback (most recent call last):

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\connectionpool.py", line 466, in _make_request

self._validate_conn(conn)

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\connectionpool.py", line 1095, in _validate_conn

conn.connect()

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\connection.py", line 652, in connect

sock_and_verified = _ssl_wrap_socket_and_match_hostname(

                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\connection.py", line 805, in _ssl_wrap_socket_and_match_hostname

ssl_sock = ssl_wrap_socket(

           ^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\util\ssl_.py", line 465, in ssl_wrap_socket

ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)

           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\util\ssl_.py", line 509, in _ssl_wrap_socket_impl

return ssl_context.wrap_socket(sock, server_hostname=server_hostname)

       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Python312\Lib\ssl.py", line 455, in wrap_socket

return self.sslsocket_class._create(

       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Python312\Lib\ssl.py", line 1042, in _create

self.do_handshake()

File "C:\Python312\Lib\ssl.py", line 1320, in do_handshake

self._sslobj.do_handshake()

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\connectionpool.py", line 789, in urlopen

response = self._make_request(

           ^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\connectionpool.py", line 490, in _make_request

raise new_e

urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\requests\adapters.py", line 667, in send

resp = conn.urlopen(

       ^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\connectionpool.py", line 843, in urlopen

retries = retries.increment(

          ^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\urllib3\util\retry.py", line 519, in increment

raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='artifacts.luxonis.com', port=443): Max retries exceeded with url: /artifactory/luxonis-depthai-data-local/misc/depthai_calib.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File "C:\Users\j\repos\DepthAI_repo\depthai-python\examples/downloader/downloader.py", line 82, in try_download

chunk_iterable, continue_offset = start_download(offset=progress.size)

                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\depthai-python\examples\downloader\common.py", line 355, in start_download

response = session.get(self.url, stream=True, timeout=DOWNLOAD_TIMEOUT,

           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\requests\sessions.py", line 602, in get

return self.request("GET", url, \*\*kwargs)

       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\requests\sessions.py", line 589, in request

resp = self.send(prep, \*\*send_kwargs)

       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\requests\sessions.py", line 703, in send

r = adapter.send(request, \*\*kwargs)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\.venv\Lib\site-packages\requests\adapters.py", line 698, in send

raise SSLError(e, request=request)

requests.exceptions.SSLError: HTTPSConnectionPool(host='artifacts.luxonis.com', port=443): Max retries exceeded with url: /artifactory/luxonis-depthai-data-local/misc/depthai_calib.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))

########## Error: Download failed

Will retry in 10 seconds...

Traceback (most recent call last):

File "C:\Users\j\repos\DepthAI_repo\depthai-python\examples/downloader/downloader.py", line 385, in <module>

main()

File "C:\Users\j\repos\DepthAI_repo\depthai-python\examples/downloader/downloader.py", line 368, in main

results = [download_model(reporter, args, cache, session_factory, requested_precisions, model)

           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\depthai-python\examples/downloader/downloader.py", line 257, in download_model

if not try_retrieve(model_file_reporter, destination, model_file, cache, args.num_attempts,

       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\depthai-python\examples/downloader/downloader.py", line 227, in try_retrieve

actual_hash = try_download(reporter, f, num_attempts, start_download, model_file.size)

              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Users\j\repos\DepthAI_repo\depthai-python\examples/downloader/downloader.py", line 78, in try_download

time.sleep(retry_delay)

KeyboardInterrupt

Traceback (most recent call last):

File "C:\Users\j\repos\DepthAI_repo\depthai-python\examples\install_requirements.py", line 192, in <module>

subprocess.check_call(downloader_cmd)

File "C:\Python312\Lib\subprocess.py", line 408, in check_call

retcode = call(\*popenargs, \*\*kwargs)

          ^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Python312\Lib\subprocess.py", line 391, in call

return p.wait(timeout=timeout)

       ^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Python312\Lib\subprocess.py", line 1264, in wait

return self._wait(timeout=timeout)

       ^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "C:\Python312\Lib\subprocess.py", line 1590, in _wait

result = _winapi.WaitForSingleObject(self._handle,

         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

jakaskerl

Hi @jremba
Are you on company internet? We've seen this happen when the network is configured with firewalls and proxies.

Thanks,
Jaka

jremba

jakaskerl I am - have you found a way around the issue?

jakaskerl

Hi @jremba
Depends on what the cause is. I'm just going to paste the GPT response:

It seems like the SSL certificate verification is failing when trying to download files from the internet, which is common when behind a company network with restrictive firewall or proxy settings. Here are some potential workarounds to address this issue:

1. Disable SSL Verification (Not Recommended for Production)

You can try disabling SSL verification temporarily by setting an environment variable or using a flag for pip. This is a quick fix but not recommended for production or secure environments as it disables SSL verification.

Option 1: Disable SSL in Python using an Environment Variable

You can set an environment variable to disable SSL verification when using Python's requests library.

export PYTHONHTTPSVERIFY=0

Option 2: Disable SSL in `pip` commands

Modify the script to pass --trusted-host and --disable-pip-version-check options when installing dependencies:

pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package>

2. Use a Proxy

If you are behind a corporate proxy, you'll need to configure your environment or the Python process to use it.

Option 1: Configure Proxy for Python and Pip

Add your proxy settings to the environment variables in your terminal:

export HTTP_PROXY="http://your-proxy-server:port"
export HTTPS_PROXY="http://your-proxy-server:port"

You can also include proxy settings in pip commands:

pip install <package> --proxy http://your-proxy-server:port

Option 2: Configure Proxy for `requests` in Python Code

If you're using the requests library directly (as in the error), you can modify the code to explicitly pass proxy settings:

proxies = {
    'http': 'http://your-proxy-server:port',
    'https': 'http://your-proxy-server:port'
}
requests.get('https://example.com', proxies=proxies)

3. Install Certificates Manually

If your company network uses custom SSL certificates, you can download the necessary certificates and install them into your Python environment.

Steps:

Ask your IT department for the root certificate used by the proxy/firewall.

Add the certificate to your system or directly into your Python environment.

You can add it to your system certificates or directly to Python by placing it in the cacert.pem file, which is used by Python's requests library. The location of cacert.pem can be found by running:

   python -m certifi

Add the certificate to this file and try running the script again.

4. Manually Download the Required Files

If the issue is specific to downloading the depthai_calib.json file and other resources, you can manually download these files using a browser or a download tool that works behind your corporate proxy, and place them in the appropriate location in your project.

5. Contact IT for Whitelisting

Your company's firewall or proxy might be blocking certain external resources. Contact your IT department to whitelist:

pypi.org
files.pythonhosted.org
artifacts.luxonis.com

This way, your system will be allowed to download dependencies and necessary files.

Conclusion:

The most appropriate solution will depend on your network environment. For short-term testing, disabling SSL verification may work, but for longer-term solutions, you should use proper proxy settings or request certificates from your IT department.

jremba

The proxy is intercepting all of the packets - we do have the proxy certificate. How do we use that certificate to resolve these SSL errors?

jakaskerl

jremba
If you have the certs, try running this (I assume all traffic runs through the proxy):

curl --cacert ~/path/to/cert.pem [OPTIONAL IF YOU HAVE CLIENT CERTS AS WELL --cert client.pem] -L https://artifacts.luxonis.com/artifactory --verbose

This should return successful.

Then you can do:

export REQUESTS_CA_BUNDLE=~/path/to/cert.pem
and for pip certificates (might not be needed)
export PIP_CERT=~/path/to/cert.pem

--This was tested on custom proxy, but should work on company proxy as well--

Thanks
Jaka

jremba

Hi,

All traffic does run through the proxy. However, I am on a windows machine, and those look like Linux commands. I tried it in a GIT bash as the internet suggests curl is supported there, but it does not seem to be working. I'm getting an error:
$ curl --cacert C:\Python312\Lib\site-packages\pip\_vendor\certifi\cacert.pem -L https://artifacts.luxonis.com/artifactory --verbose

* Host artifacts.luxonis.com:443 was resolved.

* IPv6: (none)

* IPv4: 172.67.216.90, 104.21.86.67

* Trying 172.67.216.90:443...

* Connected to artifacts.luxonis.com (172.67.216.90) port 443

* schannel: disabled automatic use of client certificate

* schannel: failed to open CA file 'C😛ython312Libsite-packagespip_vendorcertificacert.pem': The system cannot find the file specified.

* closing connection #0

curl: (77) schannel: failed to open CA file 'C😛ython312Libsite-packagespip_vendorcertificacert.pem': The system cannot find the file specified.

(.venv)

Please advise, thanks.

jakaskerl

jremba
Seems to be windows shenanigans so I'm attaching GPT guide:

Steps to resolve the issue on Windows:

Ensure the path is correctly formatted:
Windows paths need either double backslashes (\\) or forward slashes (/) to avoid being misinterpreted by curl.

Change this:

    C:\Python312\Lib\site-packages\pip\_vendor\certifi\cacert.pem

To this:

    C:/Python312/Lib/site-packages/pip/_vendor/certifi/cacert.pem

Retry the curl command:
Run the curl command again with the corrected path. Example:

    curl --cacert C:/Python312/Lib/site-packages/pip/_vendor/certifi/cacert.pem -L https://artifacts.luxonis.com/artifactory --verbose

Check the certificate file: Ensure that the file path actually points to a valid CA certificate file. You can manually inspect the location and confirm that cacert.pem exists there.

Use environment variables for certificate paths:
If you want pip and other Python tools to use the custom certificate, set the environment variables for your session:

    export REQUESTS_CA_BUNDLE=C:/path/to/cert.pem
    export PIP_CERT=C:/path/to/cert.pem

Windows Command Prompt or PowerShell alternative:
If you’re running these commands in the Windows Command Prompt or PowerShell instead of Git Bash, the path formatting is slightly different. In the Command Prompt, use double backslashes:

    curl --cacert C:\\Python312\\Lib\\site-packages\\pip\\_vendor\\certifi\\cacert.pem -L https://artifacts.luxonis.com/artifactory --verbose

Or, in PowerShell:

    curl --cacert C:/Python312/Lib/site-packages/pip/_vendor/certifi/cacert.pem -L https://artifacts.luxonis.com/artifactory --verbose

Set environment variables for Windows:
You can set environment variables in Windows through the GUI or directly in PowerShell like this:

    $env:REQUESTS_CA_BUNDLE="C:/path/to/cert.pem"
    $env:PIP_CERT="C:/path/to/cert.pem"

Thanks
Jaka