I am connected to an enterprise network and Caesr doe not work. What can I do?

Last updated: September 18, 2025

This guide will help you troubleshoot common network-related issues that can prevent AskUI from functioning correctly within a corporate or enterprise network environment. These issues often stem from proxy servers, deep package inspection (DPI), or firewalls.

1. Firewall Configuration

If your company's firewall is blocking AskUI's access, you will need to ask your IT or network administrator to whitelist the required domains.

Domains to Whitelist:

Make sure the following domains are accessible through your network, typically on port 443 (HTTPS).

AskUI Services:

  • *.askui.com

  • workspaces.askui.com

  • inference.askui.com

  • files.askui.com

Python Package Downloads:

  • pypi.python.org

  • pypi.org

  • pythonhosted.org

  • files.pythonhosted.org

2. Proxy Configuration

If you are using the AskUI Shell instead of the desktop application, you might run into proxy issues. The AskUI Shell is designed to automatically detect and configure proxy settings. This is the recommended and easiest method.

Recommended: Proxy Autodetection The AskUI Shell automatically starts a local proxy and sets the HTTP_PROXY environment variables. If this doesn't work, you may need to try alternative options.

Alternative Options:

  • Manual Proxy Configuration: If autodetection fails, you can manually set the proxy settings using the AskUI Shell command:

    Bash

    AskUI-SetSettings -HttpProxy <proxy_address> -HttpsProxy <proxy_address>

  • Manual Local Proxy Start: For advanced users who need more control, you can manually start the local proxy. Refer to the PxProxy documentation for detailed instructions.

3. Deep Package Inspection (DPI) and Self-Signed Certificates

Many enterprise proxies, such as Zscaler, use deep package inspection to analyze network traffic. This process can break the TLS connection by adding a self-signed certificate, which can lead to the following errors:

  • RequestError: self signed certificate

  • RequestError: unable to verify the first certificate

To resolve this, you need to add the company's self-signed certificate as an extra CA certificate that AskUI can trust.

Step-by-Step Instructions:

  1. Open the certificate viewer in your browser:

    • Chrome: Click the Lock-icon to the left of your browser bar. This may open the certificate viewer directly or a "Site Information" menu where you need to select "Connection is Secure" -> "Certificate is Valid".

    • Firefox: Click the Lock-icon, then "Connection Secure" -> "More Information". Select the "Security" tab and click "View Certificate".

  2. Find and Export the Certificate:

    • Chrome: Open the Details tab, select the certificate (often a "GTS Root R1" or similar for Google services), and click Export….

    • Firefox: Under Miscellaneous, you will find an option to download the certificate.

  3. Save the Certificate: Save the certificate file (e.g., as a .cer or .pem file) to a location you can easily access.

  4. Load the Certificate into AskUI: Use the AskUI-SetSettings command to load the certificate:

    Bash

    AskUI-SetSettings -ServerIdentityCertificate "<path_to_your_certificate_file>"