pip and SSL certificate errors
I am trying to install a library via pip. I have a problem with SSL certificate, even when using the --cert. Trying this on windows (pip version 1.5.4,python version 2.7.6):
pip --cert C:\tmp\cacert.pem install robotframework-archivelibrary --proxy http://myproxy
Getting page https://pypi.python.org/simple/robotframework-archivelibrary/ Could not fetch URL https://pypi.python.org/simple/robotframework-archivelibrary/: connection error: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Any ideas?
Solution 1:
I had similar error messages due to our corporate firewall intercepting SSL (i.e. a transparent SSL proxy). I exported the root CA cert that signs the firewall certificate in .pem format and appended it to the following file:
C:\Python27\Lib\site-packages\pip\_vendor\requests\cacert.pem
That resolved my issue. Your issue might not be exactly the same, but if you get the right CA certificates into the above cacert.pem I'm sure you can get passed your SSL certificate verification failure.
Solution 2:
Since --cert
doesn't work for you, probably you're using the wrong certificate file.
Most likely you're behind some corporation proxy, so you should export your root certificate by going to the failing URL (e.g. https://pypi.python.org/simple/robotframework-archivelibrary/
, see: How to save a remote server SSL certificate locally as a file).
If it's in CER format, convert it into PEM.
Then use that PEM file, e.g.
pip --cert root-cert.pem install robotframework-archivelibrary
See also: pip install fails with “connection error: [SSL: CERTIFICATE_VERIFY_FAILED]".
Solution 3:
If pip
complains about Certificate errors, then add some hosts to pip.ini
.
Unfortunately Python 3.x on Win10 does not have any pip.ini
file,
so you have to create it manually from powershell/cmd
with:
-
mkdir C:\ProgramData\pip
-
Create a file
C:\ProgramData\pip\pip.ini
with notepad:[global] trusted-host = pypi.org (new-line) files.pythonhosted.org
Check it with pip config -v list
. You should see this in the last line:
global.trusted-host='pypi.org\nfiles.pythonhosted.org'
The \n
denotates a new-line that should be part of the trusted-host
entry.
Solution 4:
Add this to your pip config, which on Windows is C:\Users\<user>\pip\pip.ini
.
[global]
trusted-host = pypi.python.org
proxy = <proxy>:<port>
Find your proxy by following these directions.