Software ssl certificate issues

From MEG Core
Revision as of 13:15, 2 August 2022 by Jstout (talk | contribs) (→‎Answer:)
Jump to navigation Jump to search

Browser Issue:

CERT issue.jpg

Install certificate in settings > Privacy and Security > Certificates > View Certificates > Import (Authorities tab)
CERT firefox install loc.png

SystemWide certificates:

 Fedora:  Certs go in /etc/pki/ca-trust/source/anchors  >> update-ca-trust

Pip and Conda SSL certificates:

PIP Error:

 Could not fetch URL There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)'))) - skipping

Conda Error:

 Collecting package metadata (current_repodata.json): done
 Solving environment: done
 CondaHTTPError: HTTP 000 CONNECTION FAILED for url <>
 Elapsed: -
 An HTTP error occurred when trying to retrieve this URL.
 HTTP errors are often intermittent, and a simple retry will get you on your way.
 If your current network has blocked, please file
 a support request with your network engineering team.


 Looking for: ['ipython']
 pkgs/main/linux-64       [====================] (00m:06s) 0 Failed
 pkgs/r/linux-64          [====================] (00m:06s) 0 Failed
 pkgs/main/noarch         [>  ] (00m:06s) SSL peer certificate or SSH remote key was not OK
 pkgs/r/noarch            [>  ] (00m:06s) SSL peer certificate or SSH remote key was not OK
 # >>>>>>>>>>>>>>>>>>>>>> ERROR REPORT <<<<<<<<<<<<<<<<<<<<<<
     Traceback (most recent call last):
       File "/home/jstout/miniconda3/lib/python3.8/site-packages/conda/", line 1082, in __call__


 #From the Website above
 pip config set global.cert path/to/ca-bundle.crt
 pip config list
 conda config --set ssl_verify path/to/ca-bundle.crt
 conda config --set ssl_verify False
 conda config --show ssl_verify
 # Bonus while we are here...
 git config --global http.sslVerify true
 git config --global http.sslCAInfo path/to/ca-bundle.crt

Answer2 (if the other doesn't work)

This can be put in the .bashrc file

 export REQUESTS_CA_BUNDLE=${PATH to cert file}  
 #May look like:  export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/${NIHDPKI...crt}

Single use:

 pip --cert ${certificate path} pip_command