Software ssl certificate issues: Difference between revisions
Jump to navigation
Jump to search
Content added Content deleted
No edit summary |
|||
(12 intermediate revisions by the same user not shown) | |||
Line 1:
==Browser Issue:==
[[File:
<br>
<br>
<br> Install certificate in settings > Privacy and Security > Certificates > View Certificates > Import (Authorities tab) <br>
[[File:CERT_firefox_install_loc.png|700px]]
<br>
==SystemWide certificates:==
UBUNTU: https://ubuntu.com/server/docs/security-trust-store
Fedora: Certs go in /etc/pki/ca-trust/source/anchors >> update-ca-trust
==Pip and
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))) - skipping
===Conda Error:===
<br>Answer:▼
Collecting package metadata (current_repodata.json): done
Solving environment: done
CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://repo.anaconda.com/pkgs/main/linux-64/current_repodata.json>
Elapsed: -
An HTTP error occurred when trying to retrieve this URL.
HTTP errors are often intermittent, and a simple retry will get you on your way.
If your current network has https://www.anaconda.com blocked, please file
a support request with your network engineering team.
'https://repo.anaconda.com/pkgs/main/linux-64'
OR
Looking for: ['ipython']
pkgs/main/linux-64 [====================] (00m:06s) 0 Failed
pkgs/r/linux-64 [====================] (00m:06s) 0 Failed
pkgs/main/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK
pkgs/r/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK
# >>>>>>>>>>>>>>>>>>>>>> ERROR REPORT <<<<<<<<<<<<<<<<<<<<<<
Traceback (most recent call last):
File "/home/jstout/miniconda3/lib/python3.8/site-packages/conda/exceptions.py", line 1082, in __call__
+++++++++++++++++++++++++++++++++++++
#This works as of 10/10/22 - use this
pip config set http.sslVerify False
conda config --set ssl_verify False
++++++++++++++++++++++++++++++++++++
===Answer:===
https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows
#From the Website above
Line 16 ⟶ 58:
pip config list
conda config --set ssl_verify path/to/ca-bundle.crt
conda config --set ssl_verify False
conda config --show ssl_verify
Line 21 ⟶ 64:
git config --global http.sslVerify true
git config --global http.sslCAInfo path/to/ca-bundle.crt
===Answer2 (if the other doesn't work)===
This can be put in the .bashrc file
export REQUESTS_CA_BUNDLE=${PATH to cert file}
#May look like: export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/${NIHDPKI...crt}
|
Latest revision as of 14:28, 12 October 2022
Browser Issue:
Install certificate in settings > Privacy and Security > Certificates > View Certificates > Import (Authorities tab)
SystemWide certificates:
UBUNTU: https://ubuntu.com/server/docs/security-trust-store Fedora: Certs go in /etc/pki/ca-trust/source/anchors >> update-ca-trust
Pip and Conda SSL certificates:
PIP Error:
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))) - skipping
Conda Error:
Collecting package metadata (current_repodata.json): done Solving environment: done CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://repo.anaconda.com/pkgs/main/linux-64/current_repodata.json> Elapsed: - An HTTP error occurred when trying to retrieve this URL. HTTP errors are often intermittent, and a simple retry will get you on your way. If your current network has https://www.anaconda.com blocked, please file a support request with your network engineering team. 'https://repo.anaconda.com/pkgs/main/linux-64'
OR
Looking for: ['ipython'] pkgs/main/linux-64 [====================] (00m:06s) 0 Failed pkgs/r/linux-64 [====================] (00m:06s) 0 Failed pkgs/main/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK pkgs/r/noarch [> ] (00m:06s) SSL peer certificate or SSH remote key was not OK # >>>>>>>>>>>>>>>>>>>>>> ERROR REPORT <<<<<<<<<<<<<<<<<<<<<< Traceback (most recent call last): File "/home/jstout/miniconda3/lib/python3.8/site-packages/conda/exceptions.py", line 1082, in __call__
Answer:
+++++++++++++++++++++++++++++++++++++ #This works as of 10/10/22 - use this pip config set http.sslVerify False conda config --set ssl_verify False ++++++++++++++++++++++++++++++++++++
Answer:
#From the Website above pip config set global.cert path/to/ca-bundle.crt pip config list conda config --set ssl_verify path/to/ca-bundle.crt conda config --set ssl_verify False conda config --show ssl_verify # Bonus while we are here... git config --global http.sslVerify true git config --global http.sslCAInfo path/to/ca-bundle.crt
Answer2 (if the other doesn't work)
This can be put in the .bashrc file
export REQUESTS_CA_BUNDLE=${PATH to cert file} #May look like: export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/${NIHDPKI...crt}
Single use:
pip --cert ${certificate path} pip_command