Opened 7 months ago

Closed 7 months ago

Last modified 7 months ago

#17223 closed defect (nonchimerax)

alphafold fetch: SSL certificate failure

Reported by: isaphan@…
Owned by: Zach Pearson
Priority: normal
Milestone:
Component: Structure Prediction
Version:
Keywords:
Cc: Tom Goddard, Greg Couch
Blocked By:
Blocking:
Notify when closed:
Platform: all
Project: ChimeraX

Description

The following bug report has been submitted:
Platform:        macOS-14.7.4-arm64-arm-64bit
ChimeraX Version: 1.9 (2024-12-11 19:11:19 UTC)
Description
Unable to add SSH certs to ChimeraX python.

Issue: Zscaler is blocking AlphaFoldDB requests (see below).
Fixing the issue requires running: pip install pip-system-certs

The pip that comes with the ChimeraX OSX package is in: /Applications/ChimeraX-1.9.app/Contents/Library/Frameworks/Python.framework/Versions/3.11/bin/

When I try executing the ChimeraX python pip, I get this error:

/Applications/ChimeraX-1.9.app/Contents/Library/Frameworks/Python.framework/Versions/3.11/bin/pip install pip-system-certs
-bash: /Applications/ChimeraX-1.9.app/Contents/Library/Frameworks/Python.framework/Versions/3.11/bin/pip: /private/var/tmp/chimerax_build/release-v1.9/chimerax/build/bin/python3.11: bad interpreter: No such file or directory

I tried to re-install pip:
/Applications/ChimeraX-1.9.app/Contents/Library/Frameworks/Python.framework/Versions/3.11/bin/python3 -m ensurepip

Result:
Defaulting to user installation because normal site-packages is not writeable
Looking in links: /tmp/tmp972360qo
Requirement already satisfied: setuptools in /Applications/ChimeraX-1.9.app/Contents/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (72.1.0)
Requirement already satisfied: pip in /Applications/ChimeraX-1.9.app/Contents/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (24.2)

alphafold fetch A0A0E1S081
Fetching url https://alphafold.ebi.ac.uk/files/AF-A0A0E1S081-F1-model_v4.cif failed:
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)>

Log:
Startup Messages  
---  
note | available bundle cache has not been initialized yet  
  
UCSF ChimeraX version: 1.9 (2024-12-11)  
© 2016-2024 Regents of the University of California. All rights reserved.  
How to cite UCSF ChimeraX  

> alphafold fetch J3KJT4

Chain information for AlphaFold J3KJT4 #1  
---  
Chain | Description | UniProt  
A | Trehalose-6-phosphate synthase | J3KJT4_COCIM 1-508  
  
Color AlphaFold J3KJT4 by residue attribute pLDDT_score  

> alphafold fetch A0A0E1S081

Fetching url https://alphafold.ebi.ac.uk/files/AF-A0A0E1S081-F1-model_v4.cif
failed:  
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
unable to get local issuer certificate (_ssl.c:1002)>  




OpenGL version: 4.1 Metal - 88.1
OpenGL renderer: Apple M1 Pro
OpenGL vendor: Apple

Python: 3.11.4
Locale: UTF-8
Qt version: PyQt6 6.7.1, Qt 6.7.1
Qt runtime version: 6.7.3
Qt platform: cocoa


Change History (10)

comment:1 by Eric Pettersen, 7 months ago

Cc: Zach Pearson Greg Couch added
Component: Unassigned → Structure Prediction
Owner: set to Tom Goddard
Platform: all
Project: ChimeraX
Status: new → assigned
Summary: ChimeraX bug report submission → alphafold fetch: SSL certificate failure

Reported by Isabelle Phan

comment:2 by Tom Goddard, 7 months ago

Cc: Tom Goddard added; Zach Pearson removed
Owner: changed from Tom Goddard to Zach Pearson

Hi Isabelle,

The ChimeraX command "alphafold fetch A0A0E1S081" is working for me on Mac ChimeraX 1.9 with macOS 15.3.2 without any SSL certificate error. It could be that the EBI's alphafold database certificate expired and that they fixed it. Or it could be that your older macOS 14.7.4 system does not have the needed certificate that my macOS 15.3.2 has. I don't think it is a macOS version problem because I think ChimeraX includes the Python certificates module certifi so it isn't using the macOS system certificates.

Could you try the AlphaFold fetch again and see if it is working for you now?

At any rate the ChimeraX "pip install" command is broken as your error shows it is trying to find Python in /private/var/tmp/chimerax_build/release-v1.9/chimerax/build/bin/python3.11 which is the location on our computers where the distribution was built. That is a bug that Zach in our lab will look at.

Tom

Last edited 7 months ago by Tom Goddard

comment:3 by isaphan@…, 7 months ago

Hello Tom,

Our IT folks helped me fix this: append 2 Zscaler certificates, ZscalerInt and ZscalerRoot to the cacert.pem file that is located in /Applications/ChimeraX-1.9.app/Contents/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/certifi 

It didn't work on the command-line on our system (permission issues), but somehow using the Finder GUI to copy and paste the updated file did the trick... go figure!

Regards,

Isabelle
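
The step described in comment:3, adding the proxy's root and intermediate CA certificates to the certifi bundle, sketched as an added example (not part of the ticket and not ChimeraX code). It builds the merged text from a copy of the bundle, rejects damaged PEM blocks, skips certificates already present, and records the SHA-256 fingerprint of each addition so the change to the trust store can be audited. The labels ZscalerRoot and ZscalerInt come from the comment; the function names are hypothetical and the certificate data is a constructed placeholder, not real X.509.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """Map SHA-256(DER) -> normalised PEM block for each certificate found."""
    found = {}
    for match in PEM_RE.finditer(pem_text):
        body = "".join(match.group(1).split())
        der = base64.b64decode(body, validate=True)  # raises on a damaged block
        if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
            raise ValueError("PEM block does not hold DER data")
        lines = [body[i:i + 64] for i in range(0, len(body), 64)]
        found[hashlib.sha256(der).hexdigest()] = (
            "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")
    return found

def merge_bundle(base_text, extra_texts):
    """Return (bundle_text, fingerprints_added); a second run adds nothing."""
    present = pem_fingerprints(base_text)
    out = base_text if base_text.endswith("\n") else base_text + "\n"
    added = []
    for label, text in extra_texts.items():
        certs = pem_fingerprints(text)
        if not certs:
            raise ValueError(f"{label}: no certificate found")
        for fp, block in certs.items():
            if fp not in present:
                # Text outside PEM blocks is ignored, so record what was added.
                out += f"\n# added: {label} sha256={fp}\n{block}"
                present[fp] = block
                added.append(fp)
    return out, added

def constructed_pem(payload):
    """Constructed stand-in for a certificate: DER-shaped bytes, not real X.509."""
    der = b"\x30" + bytes([len(payload)]) + payload
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    base = constructed_pem(b"public root A") + constructed_pem(b"public root B")
    extra = {"ZscalerRoot": constructed_pem(b"proxy root"),
             "ZscalerInt": constructed_pem(b"proxy intermediate")}
    merged, added = merge_bundle(base, extra)
    print(len(pem_fingerprints(merged)), "certificates,", len(added), "added")
```

With real files, `base_text` would be the contents of certifi's cacert.pem and `extra_texts` the PEM exports supplied by IT; the fingerprints in the added comment lines can be compared against the values IT publishes for its CA.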

comment:4 by Tom Goddard, 7 months ago

Glad you got AlphaFold fetch to work. I'm not sure I understand why you need ZScaler certificates. My guess is that University of Washington uses ZScaler to filter all its network traffic and this requires that the ZScaler root certificate be present to establish SSL connections. Maybe all your UW computers have the ZScaler certificate installed but ChimeraX uses certificates from Python certifi which does not have it. The ways computer security makes computers not work are endless.

Here is ZScaler documentation on the painful steps to try to resolve this issue:

https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trust-store

comment:5 by Tom Goddard, 7 months ago

Hi Isabelle,

I am a bit alarmed that ChimeraX has to be hacked to add the ZScaler certificate to get alphafold fetch to work. Did fetching PDB files or EMDB files or any other online database files in ChimeraX work for you before? I would think all of those would fail. Also all ChimeraX web services like AlphaFold prediction, Modeller homology modeling, BLAST search, ... would all fail if ZScaler is filtering all the UW network traffic.

While you found a solution, it seems that the hundreds of other UW ChimeraX users are going to have a crippled ChimeraX.

Do I understand this right? Did UW recently start using ZScaler? I am trying to understand whether UW security has broken ChimeraX for all our UW users.

Tom

comment:6 by isaphan@…, 7 months ago

Hello Tom,

No panic. UW traffic is fine. It's my Seattle Children's imaged Mac that's the problem. We have double affiliation in the group because lots of us supervise UW undergrads and teach at UW.
Apologies for the confusion!
Isabelle

comment:7 by goddard@…, 7 months ago

Thanks for the info.  Computer security is such a pain!

comment:8 by Tom Goddard, 7 months ago

Resolution: nonchimerax
Status: assigned → closed

The Python programming language on the Mac does not use the Mac system SSL certificates. On Windows and Linux it does use the system certificates. While it is possible to add ChimeraX code to try to use the Mac system certificates I don't plan on doing that at this point. What ZScaler is doing is circumventing end-to-end encryption of all your network traffic so they can snoop on everything you do. It is ironic that in the name of security they do this man-in-the-middle hack to decrypt all your network traffic. I don't think the ChimeraX team should support that misguided approach to security.

comment:9 by isaphan@…, 7 months ago

Just to clarify: Seattle Children's only enforces Zscaler as a VPN when working outside premises. When I'm onsite, I'm behind the internal network's firewall and Zscaler is turned off. Ironically, I use ChimeraX even more when I'm offsite because everyone wants to see the cool stuff in 3D. Most of my disk space is crammed with ChimeraX session dumps, lol.

I.

comment:10 by Tom Goddard, 7 months ago

Thanks for explaining the Zscaler situation. I hope the use of Zscaler does not spread.
