pip can't use custom SSL certificates?
Solution 1
I don't know if this has always been the case, but I've found I also need to set the REQUESTS_CA_BUNDLE environment variable, presumably as pip uses requests and doesn't pass all the config through to it.
Solution 2
I guess you would have to use pip's --cert option.
--cert <path> Path to alternate CA bundle.
There's no indication in the documentation that you can use the cert= option in the pip.conf configuration file. See: https://pip.pypa.io/en/stable/reference/pip/?highlight=proxy#cmdoption-cert
Solution 3
try updating your proxy variables as shown here for http_proxy and https_proxy
https://askubuntu.com/questions/228530/updating-http-proxy-environment-variable
you should need the cert (or declared global cert as you have it above) as well as the proxy. the alternative to setting the variables would be to use it from the command line like [user:passwd@]proxy.server:port
pip install --proxy http://proxy.company.com:80 <package>
Solution 4
Despite what the documentation might say placing cert = PATH_TO_CERTIFICATE_FILE in the pip.conf or pip.ini did indeed work for me, at least for native Windows Python 2.7.13 with pip 9.0.1.
BTW: on windows the configuration file is in %APPDATA%\pip\pip.ini and might have to be created manually (including the pip directory).
KillerSnail
Updated on August 30, 2022Comments
-
KillerSnail over 1 year
I am running ubuntu 13.10 with the latest pip.
I have a whole set of SSL certs for my corporate proxy installed as per: https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate now.
Firefox no longer complains about unrecognised certs but I still get:
Could not fetch URL http://pypi.python.org/simple/: There was a problem confirming the ssl certificate: [Errno 1] _ssl.c:509: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedwith pip?
I have tried adding settings to $HOME/.pip/pip.conf
[global] cert = /etc/ssl/certs/mycorporatecert.pemas well
Thanks