Software ssl certificate issues

From MEG Core
Jump to navigation Jump to search

Browser Issue:




Install certificate in settings > Privacy and Security > Certificates > View Certificates > Import (Authorities tab)


SystemWide certificates:

 UBUNTU:  https://ubuntu.com/server/docs/security-trust-store
 Fedora:  Certs go in /etc/pki/ca-trust/source/anchors  >> update-ca-trust

Pip and Conda SSL certificates:

PIP Error:

 Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))) - skipping

Conda Error:

 Collecting package metadata (current_repodata.json): done
 Solving environment: done
 
 CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://repo.anaconda.com/pkgs/main/linux-64/current_repodata.json>
 Elapsed: -
 
 An HTTP error occurred when trying to retrieve this URL.
 HTTP errors are often intermittent, and a simple retry will get you on your way.
 
 If your current network has https://www.anaconda.com blocked, please file
 a support request with your network engineering team.
 
 'https://repo.anaconda.com/pkgs/main/linux-64'

OR

 Looking for: ['ipython']
 
 pkgs/main/linux-64       [====================] (00m:06s) 0 Failed
 pkgs/r/linux-64          [====================] (00m:06s) 0 Failed
 pkgs/main/noarch         [>  ] (00m:06s) SSL peer certificate or SSH remote key was not OK
 pkgs/r/noarch            [>  ] (00m:06s) SSL peer certificate or SSH remote key was not OK
 
 # >>>>>>>>>>>>>>>>>>>>>> ERROR REPORT <<<<<<<<<<<<<<<<<<<<<<
 
     Traceback (most recent call last):
       File "/home/jstout/miniconda3/lib/python3.8/site-packages/conda/exceptions.py", line 1082, in __call__

Answer:

 +++++++++++++++++++++++++++++++++++++
 #This works as of 10/10/22 - use this
 pip config set http.sslVerify False
 conda config --set ssl_verify False
 ++++++++++++++++++++++++++++++++++++

Answer:

https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows

 #From the Website above
 pip config set global.cert path/to/ca-bundle.crt
 pip config list
 conda config --set ssl_verify path/to/ca-bundle.crt
 conda config --set ssl_verify False
 conda config --show ssl_verify
 
 # Bonus while we are here...
 git config --global http.sslVerify true
 git config --global http.sslCAInfo path/to/ca-bundle.crt

Answer2 (if the other doesn't work)

This can be put in the .bashrc file

 export REQUESTS_CA_BUNDLE=${PATH to cert file}  
 #May look like:  export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/${NIHDPKI...crt}


Single use:

 pip --cert ${certificate path} pip_command