GeoIP download and untrusted certificates

[paul-ncx]

I have configured GeoIP to download the zip file from an internal server. The certificate for this server is signed by an internal CA. If I run download_geoip.py directly, it refuses to download the file reporting: OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

We already have our internal CA listed in "System: Trust: Authorities", but this does not seem to help.

Has anyone found a way to successfully download GeoIP data in a similar scenario or have any suggestions on what to try?

I have been having this problem since 19.7, but finally felt like I had enough information to make a useful post.