SSL Certificate Error

SSL Certificate Error

Use this when running the dataset-registration scripts (or any Python that calls the V7 / Roche APIs) and you hit a TLS trust error.

Error

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED]

Python does not trust the Roche certificate chain, so the request fails before it reaches V7.

Fix

Follow the steps below.

  1. Download the certificate from Roche G3 Root CA.

  2. Rename the certificate to roche_root.crt.

  3. Open a terminal and install the helpers (pre-requisite: Python installed on your machine):

    pip install certifi
pip install dos2unix

  4. Open a Python console with python3 (or python on macOS) and find the certifi bundle path:

    import certifi
certifi.where()

    Make a note of the certificate file directory. Sample output:

    /Users/UNIXID/.local/lib/python3.10/site-packages/certifi/cacert.pem

  5. Navigate to that directory and append the Roche root certificate to the bundle (replace the file name if yours is not cacert.pem):

    cat roche_root.crt >> /Users/UNIXID/.local/lib/python3.10/site-packages/certifi/cacert.pem

  6. Open the cacert.pem file and check for ^M characters. If present, run dos2unix; if not, skip this step:

    dos2unix cacert.pem

  7. Re-run your installation / script — the issue should now be resolved.

If it still fails, reach out to the gCS Infra admin team via #ext-ecdi-v7 (gred.slack.com). See Support.

Slack Notification Template