id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking	notify_on_close	platform	project
17257	ChimeraX https requests fail at University of Washington due to ZScaler network security	Tom Goddard	Tom Goddard	"Isabelle Phan of UW reported AlphaFold fetch gets an ssl certificate verification error in ticket #17223.

The problem is that UW uses ZScaler, a network security company, to filter network traffic and the ZScaler root certificate needs to be installed to make SSL and TLS connections.  But ChimeraX uses Python certifi for certificates instead of the system certificates and so the ZScaler certificate is not available.  I believe this will cause all https requests made by ChimeraX to fail, e.g. PDB fetch, EMDB fetch, web services.

The ZScaler web site describes this problem and the specific steps to try to add their certificate to dozens of applications that use their own certificate store.

https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trust-store

Should we do anything about this?

On the one hand the havoc caused by ZScaler filtering is UW's problem if they decide to use it.  On the other hand UW probably has hundreds of ChimeraX users and I would think their use of ChimeraX would be crippled by this problem.
"	defect	closed	moderate		Input/Output		wontfix		chimerax-programmers				all	ChimeraX