Error installing Fusion 360: SSL: CERTIFICATE_VERIFY_FAILED

Anonymous · ‎07-28-2016

I cannot install Fusion 360 using the client downloader. I keep getting the error SSL: CERTIFICATE_VERIFY_FAILED in the log file. Windows 10 x64.

"adsk.dls.streamer.exceptions.SSLNetworkFailure: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:548)"

How do I fix this?

svelez · ‎08-12-2016

Hello Kisoft,

I'm sorry that the installer is failing to function properly in this case.

You are not seeing things incorrectly, the command line/solution that kkriegel is referring to has been removed from this thread because while it was necessary for a short time to resolve a wide-spread issue, is not considered best practices.

Unfortunately, we do not have a firm handle on why some users experience these SSL_VALIDATION errors and others do not. We have theories, but all are unconfirmed so far.

As a rather low-probability first try, can you attempt to get fusion installed with this command line:

> "Fusion 360 Client Downloader.exe" --operation single

This will shift the installer to single-threaded operation which may reduce the chances of failure.

Besides that, would you be willing to try some diagnostics tools we provide over another channel?

Thanks,

Steven

kkriegel · ‎08-12-2016

I just realized you might be able to get out of this by doing the following: 1. Close fusion360 2. Clear your temporary internet files and browser caches. 3. Run fusion360 and see if it updates correctly. If that doesn't work, you could try removing fusion360 completely and the installing the latest available version.

daniel_lyall · ‎08-12-2016

https://knowledge.autodesk.com/support/fusion-360/troubleshooting/caas/sfdcarticles/sfdcarticles/How...

Anonymous · ‎08-15-2016

@svelez wrote:
Hello Kisoft,

I'm sorry that the installer is failing to function properly in this case.

You are not seeing things incorrectly, the command line/solution that kkriegel is referring to has been removed from this thread because while it was necessary for a short time to resolve a wide-spread issue, is not considered best practices.

Unfortunately, we do not have a firm handle on why some users experience these SSL_VALIDATION errors and others do not. We have theories, but all are unconfirmed so far.

As a rather low-probability first try, can you attempt to get fusion installed with this command line:

> "Fusion 360 Client Downloader.exe" --operation single

This will shift the installer to single-threaded operation which may reduce the chances of failure.

Besides that, would you be willing to try some diagnostics tools we provide over another channel?

Thanks,
Steven

Hello, Steven.

I have executed full cleaning (removal of files). Then I have disconnected UAC, firewall, an antivirus then has executed a command line with the rights of the Administrator:
> "Fusion 360 Client Downloader.exe" --operation single
But it hasn't helped. Same result. The log is enclosed.

> Besides that, would you be willing to try some diagnostics tools we provide over another channel?

Yes, I am ready to try your diagnostics tools for definition of problem.

Thanks.

Best regards,

Vladimir.

Anonymous · ‎08-15-2016

@kkriegel wrote:
I just realized you might be able to get out of this by doing the following: 1. Close fusion360 2. Clear your temporary internet files and browser caches. 3. Run fusion360 and see if it updates correctly. If that doesn't work, you could try removing fusion360 completely and the installing the latest available version.

Hello, kkriegel.

I can't install Fusion 360. I.e. he at me isn't installed yet. I try to install the latest version. Cleaning of files doesn't help.

Thanks.

Best regards,

Vladimir.

svelez · ‎08-16-2016

OK Vladimir,

I have sent you instructions for the diagnostic tool via PM.

Thanks,
Steven

Anonymous · ‎08-17-2016

Hello, Steven.

I have executed the diagnostic tools and have sent result in PM.

Thanks.

Best regards,

Vladimir.

svelez · ‎08-17-2016

I should mention for the benefit of users coming across this thread in the future:

Vladimir was able to find the source of his problem in an antivirus application that performs filtering and inspection of web connections.

This is done by creating replacement security certificates for the websites being filtered, and configuring the system to accept that.

Our installer currently does not support inspecting system configurations in order to make these techniques work, so he was able to find a way to disable this functionality.

We are working towards a solution to this issue, but until we are able to release it at sufficient quality, please investigate whether your anti-virus software performs this "SSL Filtering", and disable it if possible.

Thanks,

Steven

kkriegel · ‎08-17-2016

You probably are thinking about a ton of things to fix this, but please consider:

1. Not implementing your own streaming socket class wrapped in ssl using Python, or if you must, then disable cert caching. Pay attention to the root-chain-anchor trust relationships that can arise.

2. Use urllib3 ssl streams instead of ssl wrapped python streaming sockets.

3. Use platform independent calls in python and let the target o.s. handle everything (I have not researched this).

4. You might be experiencing multiple race conditions during certificate exchanges and file data transfers.

And of course, keep up the excellent work! The meshing environment is kicking butt for me now.

Happy hunting,

Ken

svelez · ‎08-18-2016

Hi Ken,

I am not quite sure what you mean by implementing our own streaming socket class wrapped in ssl using python, but since you seem to be familiar with the technical issues here, I'll go ahead and mention that we try not to implement ANYTHING ourselves whenever possible 🙂

I was not aware of urllib3 until you mentioned it. We have considered moving to the requests library, but at the moment we are using the urllib2 bundled in python which relies on the ssl module bundled in python which in turn uses the openssl C library to do it's secure transport. This library does not support reading root certificates from the system and instead relies on being provided a file (or directory, or string) with a set of root certificates to validate against. Obviously, if we craft this file before delivery, we cannot know what additional certificates have been added to an end user's machine in order to validate legitimate, impersonating certificates. I think both requests and urllib3 would likewise suffer from this problem since they recommend installing and using "certify" which just appears to be a python package for regularly updating a certificate store file.... not to mention that replacing the networking library would be extremely disruptive.

In any case, the installer is currently running against python 3.3. As part of our research to determine what would be necessary to get system root certificates in to the installer, we noticed that python 3.4 was already doing this. I am not sure if this is work that went in to python or an updated openssl, I haven't investigated, but it shouldn't really matter as long as it works. Therefore, we have decided to update the python we use to 3.5... and initial testing seems to indicate it does work as advertised. Of course when you update a major revision of your platform, there are numerous unforeseen problems that arise, and we are dealing with those before exposing the new work to the public 🙂

Thanks,

Steven

kkriegel · ‎08-18-2016

Hi Steven,Sorry, the main point I was trying to make was to try using system-neutral certificate calls. I don't know where to locate everything you would need.I did some more research this morning. Please see the latest Python 3k docs on urllib3 and the docs for openssl. Both appear to have been heavily updated over time to support what I was talking about (including major security fixes), according to the change logs.
I write python code to automate physical measurements. I write stand alone applications with and without Qt guis. I am currently stuck in python2 due to some library issues. It has been my experience that, as long as you're not trying to move from python2 to python3, updating to the latest python gets you nice fixes to all sorts of edge cases you were not even aware of unless you monitored the change logs. Have you tried a virtualenv of the latest python3?
I wasn't aware of urllib3 until this week.
Cheers,Ken

svelez · ‎08-18-2016

Yep. We've been using python 3+ since the project started, and we have been working on updating to 3.5.1 for several weeks now. I am not directly involved in the project, so I don't know the details, but I think just running against the new python (as you would do in a virtualenv) was fairly painless. We are having a little more difficulty making sure the process we use to package the app for use on an end user machine is functional and robust on a wide range of (particularly international) client machines, and since the installer runs embedded in fusion for auto-update ability using the same python runtime as is used for our scripting and automation engine, we have to ensure all current python add-ins continue to work in there as well... particularly when they are owned by third parties.

Steven

Anonymous · ‎01-29-2019

copy paste below.. solution below.. there is nothing below on stock firefox, explorer, chrome... and they are all saying website insecure, trust/unblock images doesn't help. Update your SSL keys OR PROVIDE AN ALTERNATIVE FULL DOWNLOAD!! This is basic rookie stuff. My gaming clan website built as a child over 15 years ago works better than this. I don't have time for this about to find another software because it would be faster than trying to get a solution here.

jeffying · ‎06-25-2019

What is the screenshot? I'm experiencing the same error.

daniel_lyall · ‎06-25-2019

More than likely your antivirus is showing a false flag.

Anonymous · ‎07-09-2019

It is a server side issue, it had nothing to do with antivirus or anything on my pc I was attempting to bring it to some ones attention that runs the servers. A url ssl cert or Secure Socket Layer Certificate is like a cert of authenticity that shows that the packets(files and stuff) got sent from autodesks server ip traveled securely and were not tampered with by a third party in transit.

SSL errors happen when:

*the ssl expires (not likely unless host doesn't have auto renew on a payment to host)

* when a hopserver(internet hub) has packet loss from overheating or storm water (rare)

* your server host machine has a bad SSL generator or lagging cloud server software that issues the SSL (very likely)

Solution for fusion360 staff:

yell at your server host to implement better ssl integration software on your distro servers or use an alternate mirror if fail fallback in the installer.

Solution for users:

it was updated a day later just following up in-case anyone else gets this error. Just wait for them to fix it. Don't waste your time trying to do anything the problem is not on your end.

rschildge · ‎03-06-2020

I'm getting a similar error installing Fusion 360 with an education license on two macbook airs 2019 10.12.6. I currently have Fusion 360 2.0.6045 on the computers and want to upgrade to 2.0.7??? (whatever the current release is as of now). Any advice?

File "/Users/svc_p_bi/Desktop/Jenkins/workspace/ion_client-delivery_hotfix_20-01/Core/Neutron/Installer/Streamer/src/adsk/dls/streamer/netlib.py", line 154, in __init__
urllib.error.URLError: <urlopen error <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1056)>, url:https://dl.appstreaming.autodesk.com/production/97e6dd95735340d6ad6e222a520454db/73e72ada57b7480280f...>

evanss801 · ‎05-14-2024

I am getting the SSL error when trying to use the exe client downloader.

Has this certificate issue with the AUTODESK host server being problematic again?

meister_fuchs · ‎01-08-2025

Honestly, that all seems like a joke to me. Friend asked me to install fusino 360 personal, because he was unable to. I thought, hey, that can't be that hard.

I've been wasting half of my day trying to figure this out. The first problem was, that the download page is buggy as hell. Has any dev ever looked into the console? Omg ..

At least through google I found a way to download the "installer" directly. And then this ...

Why, just why, can't you not just let us download a simple installer that has everything included, like in the good old days of CD-ROMs?

Why do I have to run a wrapper app that loads all the file on the fly? Why just why?

All those downloaders never work and only make things harder for everyone.

Thanks for ruining my day!

@meister_fuchs - this post has been edited due to Community Rules & Etiquette violation.