pip and SSL certificate errors

python certificate ssl

I am trying to install a library via pip. I have a problem with SSL certificate, even when using the --cert. Trying this on windows (pip version 1.5.4,python version 2.7.6):

pip --cert C:\tmp\cacert.pem install robotframework-archivelibrary --proxy http://myproxy

Getting page https://pypi.python.org/simple/robotframework-archivelibrary/ Could not fetch URL https://pypi.python.org/simple/robotframework-archivelibrary/: connection error: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Any ideas?


Solution 1:

I had similar error messages due to our corporate firewall intercepting SSL (i.e. a transparent SSL proxy). I exported the root CA cert that signs the firewall certificate in .pem format and appended it to the following file: 

C:\Python27\Lib\site-packages\pip\_vendor\requests\cacert.pem

That resolved my issue. Your issue might not be exactly the same, but if you get the right CA certificates into the above cacert.pem I'm sure you can get passed your SSL certificate verification failure.

Solution 2:

Since --cert doesn't work for you, probably you're using the wrong certificate file.

Most likely you're behind some corporation proxy, so you should export your root certificate by going to the failing URL (e.g. https://pypi.python.org/simple/robotframework-archivelibrary/, see: How to save a remote server SSL certificate locally as a file).

If it's in CER format, convert it into PEM.

Then use that PEM file, e.g.

pip --cert root-cert.pem install robotframework-archivelibrary

See also: pip install fails with “connection error: [SSL: CERTIFICATE_VERIFY_FAILED]".

Solution 3:

If pip complains about Certificate errors, then add some hosts to pip.ini.
Unfortunately Python 3.x on Win10 does not have any pip.ini file, so you have to create it manually from powershell/cmd with:

  • mkdir C:\ProgramData\pip

  • Create a file C:\ProgramData\pip\pip.ini with notepad:

      [global]
  trusted-host = pypi.org (new-line)
                 files.pythonhosted.org

Check it with pip config -v list. You should see this in the last line:

global.trusted-host='pypi.org\nfiles.pythonhosted.org'

The \n denotates a new-line that should be part of the trusted-host entry.

Solution 4:

Add this to your pip config, which on Windows is C:\Users\<user>\pip\pip.ini.

[global]
  trusted-host = pypi.python.org
  proxy = <proxy>:<port>

Find your proxy by following these directions.

Related

How to remove duplicate rows based on some columns
Whats the difference between physical and virtual cache?
TeamViewer doesn't catch Alt+Tab in Linux Mint (Mate)
Powershell script to list scheduled tasks on remote systems
How to configure gnome-terminal to use xterm-256color by default?
different behavior: "sudo nmap" vs just "nmap"?
Adding to SendTo Context Menu in Windows 10
Deleting user defaults under Mac OS X 10.10.3
How to config Windows firewall so VM Host-only can ping Windows 7
Closing open file without killing the process
X-server crashes when using the pen on graphics tablet
FTP issue - FTP open Character encoding issue