Using NGC CLI with custom CA certificates

I’m trying to use the NGC CLI behind a corporate firewall which requires TLS clients to use a custom CA certificate. Most applications automatically use the custom file /etc/ssl/certs/ca-certificates.crt but the NGC CLI does not. How can I configure the NGC CLI to use this custom CA certificate/bundle?

Here is the error that I get.

./ngc --debug registry model list nvidia/tao/pretrained_detectnet_v2:*
ngc --debug registry model list nvidia/tao/pretrained_detectnet_v2:*
Error querying external IP address: The DNS operation timed out after 5.005450248718262 seconds
Requesting URL (GET): https://api.ngc.nvidia.com/v2/models/nvidia/tao/pretrained_detectnet_v2/versions?page-size=1000&sort-order=SEMVER_DESC
    payload: None
    params: None
Connection failed; retrying... (Retries left: 5)
Connection failed: HTTPSConnectionPool(host='api.ngc.nvidia.com', port=443): Max retries exceeded with url: /v2/models/nvidia/tao/pretrained_detectnet_v2/versions?page-size=1000&sort-order=SEMVER_DESC (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)')))
Trying again.

Hello Claudio,

Firstly, I recommend to check the CA Certificate chain file that you are using for the installation. It should be with the required intermediate and root certificate.

The path should be Main certificate >> Intermediate certificate >> Root certificate.
At last, please also verify the certificate chain as the error indicates it has the self signed certificate in the CA Chain.

Moreover, you can set the environment variable “REQUESTS_CA_BUNDLE” for the NGC CLI to use the custom CA certificate file for the installation.

To know more about the SSL Certificate Error you can check >>> SSL Error