Software ssl certificate issues: Difference between revisions
Jump to navigation
Jump to search
Content added Content deleted
(Created page with "SystemWide certificates: UBUNTU: https://ubuntu.com/server/docs/security-trust-store Pip and conda SSL certificates: https://stackoverflow.com/questions/39356413/how-to-ad...") |
|||
(14 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Browser Issue:== |
|||
⚫ | |||
[[File:CERT_issue.jpg|700px]] |
|||
<br> |
|||
<br> |
|||
<br> Install certificate in settings > Privacy and Security > Certificates > View Certificates > Import (Authorities tab) <br> |
|||
[[File:CERT_firefox_install_loc.png|700px]] |
|||
<br> |
|||
⚫ | |||
UBUNTU: https://ubuntu.com/server/docs/security-trust-store |
UBUNTU: https://ubuntu.com/server/docs/security-trust-store |
||
Fedora: Certs go in /etc/pki/ca-trust/source/anchors >> update-ca-trust |
|||
Pip and |
==Pip and Conda SSL certificates:== |
||
===PIP Error:=== |
|||
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))) - skipping |
|||
===Conda Error:=== |
|||
Collecting package metadata (current_repodata.json): done |
|||
Solving environment: done |
|||
CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://repo.anaconda.com/pkgs/main/linux-64/current_repodata.json> |
|||
Elapsed: - |
|||
An HTTP error occurred when trying to retrieve this URL. |
|||
HTTP errors are often intermittent, and a simple retry will get you on your way. |
|||
If your current network has https://www.anaconda.com blocked, please file |
|||
a support request with your network engineering team. |
|||
'https://repo.anaconda.com/pkgs/main/linux-64' |
|||
OR |
|||
Looking for: ['ipython'] |
|||
pkgs/main/linux-64 [====================] (00m:06s) 0 Failed |
|||
pkgs/r/linux-64 [====================] (00m:06s) 0 Failed |
|||
pkgs/main/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK |
|||
pkgs/r/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK |
|||
# >>>>>>>>>>>>>>>>>>>>>> ERROR REPORT <<<<<<<<<<<<<<<<<<<<<< |
|||
Traceback (most recent call last): |
|||
File "/home/jstout/miniconda3/lib/python3.8/site-packages/conda/exceptions.py", line 1082, in __call__ |
|||
===Answer:=== |
|||
+++++++++++++++++++++++++++++++++++++ |
|||
#This works as of 10/10/22 - use this |
|||
pip config set http.sslVerify False |
|||
conda config --set ssl_verify False |
|||
++++++++++++++++++++++++++++++++++++ |
|||
===Answer:=== |
|||
https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows |
https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows |
||
#From the Website above |
#From the Website above |
||
Line 8: | Line 58: | ||
pip config list |
pip config list |
||
conda config --set ssl_verify path/to/ca-bundle.crt |
conda config --set ssl_verify path/to/ca-bundle.crt |
||
conda config --set ssl_verify False |
|||
conda config --show ssl_verify |
conda config --show ssl_verify |
||
Line 13: | Line 64: | ||
git config --global http.sslVerify true |
git config --global http.sslVerify true |
||
git config --global http.sslCAInfo path/to/ca-bundle.crt |
git config --global http.sslCAInfo path/to/ca-bundle.crt |
||
===Answer2 (if the other doesn't work)=== |
|||
This can be put in the .bashrc file |
|||
export REQUESTS_CA_BUNDLE=${PATH to cert file} |
|||
#May look like: export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/${NIHDPKI...crt} |
|||
Latest revision as of 14:28, 12 October 2022
Browser Issue:
Install certificate in settings > Privacy and Security > Certificates > View Certificates > Import (Authorities tab)
SystemWide certificates:
UBUNTU: https://ubuntu.com/server/docs/security-trust-store Fedora: Certs go in /etc/pki/ca-trust/source/anchors >> update-ca-trust
Pip and Conda SSL certificates:
PIP Error:
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))) - skipping
Conda Error:
Collecting package metadata (current_repodata.json): done Solving environment: done CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://repo.anaconda.com/pkgs/main/linux-64/current_repodata.json> Elapsed: - An HTTP error occurred when trying to retrieve this URL. HTTP errors are often intermittent, and a simple retry will get you on your way. If your current network has https://www.anaconda.com blocked, please file a support request with your network engineering team. 'https://repo.anaconda.com/pkgs/main/linux-64'
OR
Looking for: ['ipython'] pkgs/main/linux-64 [====================] (00m:06s) 0 Failed pkgs/r/linux-64 [====================] (00m:06s) 0 Failed pkgs/main/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK pkgs/r/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK # >>>>>>>>>>>>>>>>>>>>>> ERROR REPORT <<<<<<<<<<<<<<<<<<<<<< Traceback (most recent call last): File "/home/jstout/miniconda3/lib/python3.8/site-packages/conda/exceptions.py", line 1082, in __call__
Answer:
+++++++++++++++++++++++++++++++++++++ #This works as of 10/10/22 - use this pip config set http.sslVerify False conda config --set ssl_verify False ++++++++++++++++++++++++++++++++++++
Answer:
#From the Website above pip config set global.cert path/to/ca-bundle.crt pip config list conda config --set ssl_verify path/to/ca-bundle.crt conda config --set ssl_verify False conda config --show ssl_verify # Bonus while we are here... git config --global http.sslVerify true git config --global http.sslCAInfo path/to/ca-bundle.crt
Answer2 (if the other doesn't work)
This can be put in the .bashrc file
export REQUESTS_CA_BUNDLE=${PATH to cert file} #May look like: export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/${NIHDPKI...crt}
Single use:
pip --cert ${certificate path} pip_command