Difference between revisions of "Software ssl certificate issues"

From MEG Core
Jump to navigation Jump to search
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
Browser Issue:
==Browser Issue:==
[[File:Cert_Issue.jpg]]
[[File:CERT_issue.jpg|700px]]
<br>
<br>
<br> Install certificate in settings > Privacy and Security > Certificates > View Certificates > Import (Authorities tab) <br>
[[File:CERT_firefox_install_loc.png|700px]]
<br>




SystemWide certificates:
==SystemWide certificates:==
UBUNTU: https://ubuntu.com/server/docs/security-trust-store
UBUNTU: https://ubuntu.com/server/docs/security-trust-store
Fedora: Certs go in /etc/pki/ca-trust/source/anchors >> update-ca-trust


Pip and conda SSL certificates:
==Pip and Conda SSL certificates:==
<br>Error:
===PIP Error:===
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))) - skipping
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))) - skipping


===Conda Error:===
<br>Answer:
Collecting package metadata (current_repodata.json): done
Solving environment: done
CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://repo.anaconda.com/pkgs/main/linux-64/current_repodata.json>
Elapsed: -
An HTTP error occurred when trying to retrieve this URL.
HTTP errors are often intermittent, and a simple retry will get you on your way.
If your current network has https://www.anaconda.com blocked, please file
a support request with your network engineering team.
'https://repo.anaconda.com/pkgs/main/linux-64'

OR

Looking for: ['ipython']
pkgs/main/linux-64 [====================] (00m:06s) 0 Failed
pkgs/r/linux-64 [====================] (00m:06s) 0 Failed
pkgs/main/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK
pkgs/r/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK
# >>>>>>>>>>>>>>>>>>>>>> ERROR REPORT <<<<<<<<<<<<<<<<<<<<<<
Traceback (most recent call last):
File "/home/jstout/miniconda3/lib/python3.8/site-packages/conda/exceptions.py", line 1082, in __call__

===Answer:===
https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows
https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows
#From the Website above
#From the Website above
Line 16: Line 51:
pip config list
pip config list
conda config --set ssl_verify path/to/ca-bundle.crt
conda config --set ssl_verify path/to/ca-bundle.crt
conda config --set ssl_verify False
conda config --show ssl_verify
conda config --show ssl_verify
Line 21: Line 57:
git config --global http.sslVerify true
git config --global http.sslVerify true
git config --global http.sslCAInfo path/to/ca-bundle.crt
git config --global http.sslCAInfo path/to/ca-bundle.crt

===Answer2 (if the other doesn't work)===
This can be put in the .bashrc file
export REQUESTS_CA_BUNDLE=${PATH to cert file}
#May look like: export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/${NIHDPKI...crt}





Latest revision as of 14:15, 2 August 2022

Browser Issue:

CERT issue.jpg


Install certificate in settings > Privacy and Security > Certificates > View Certificates > Import (Authorities tab)
CERT firefox install loc.png


SystemWide certificates:

 UBUNTU:  https://ubuntu.com/server/docs/security-trust-store
 Fedora:  Certs go in /etc/pki/ca-trust/source/anchors  >> update-ca-trust

Pip and Conda SSL certificates:

PIP Error:

 Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))) - skipping

Conda Error:

 Collecting package metadata (current_repodata.json): done
 Solving environment: done
 
 CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://repo.anaconda.com/pkgs/main/linux-64/current_repodata.json>
 Elapsed: -
 
 An HTTP error occurred when trying to retrieve this URL.
 HTTP errors are often intermittent, and a simple retry will get you on your way.
 
 If your current network has https://www.anaconda.com blocked, please file
 a support request with your network engineering team.
 
 'https://repo.anaconda.com/pkgs/main/linux-64'

OR

 Looking for: ['ipython']
 
 pkgs/main/linux-64       [====================] (00m:06s) 0 Failed
 pkgs/r/linux-64          [====================] (00m:06s) 0 Failed
 pkgs/main/noarch         [>  ] (00m:06s) SSL peer certificate or SSH remote key was not OK
 pkgs/r/noarch            [>  ] (00m:06s) SSL peer certificate or SSH remote key was not OK
 
 # >>>>>>>>>>>>>>>>>>>>>> ERROR REPORT <<<<<<<<<<<<<<<<<<<<<<
 
     Traceback (most recent call last):
       File "/home/jstout/miniconda3/lib/python3.8/site-packages/conda/exceptions.py", line 1082, in __call__

Answer:

https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows

 #From the Website above
 pip config set global.cert path/to/ca-bundle.crt
 pip config list
 conda config --set ssl_verify path/to/ca-bundle.crt
 conda config --set ssl_verify False
 conda config --show ssl_verify
 
 # Bonus while we are here...
 git config --global http.sslVerify true
 git config --global http.sslCAInfo path/to/ca-bundle.crt

Answer2 (if the other doesn't work)

This can be put in the .bashrc file

 export REQUESTS_CA_BUNDLE=${PATH to cert file}  
 #May look like:  export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/${NIHDPKI...crt}


Single use:

 pip --cert ${certificate path} pip_command