Can I get around using “pip install --cert”?












17















Trying to figure out if there is a way that I can avoid using the --cert flag to pip when I am installing packages at work. There is some issue with the proxy that only allows me to download the packages I need when I provide that flag, despite adding the mycert.crt file to /usr/local/share/ca-certificates and running sudo update-ca-certificates.



An example of the messages I'm seeing is:



$ pip install "virtualenv>=1.10.1"
Downloading/unpacking virtualenv>=1.10.1
Could not fetch URL https://pypi.python.org/simple/virtualenv/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/virtualenv/ when looking for download links for virtualenv>=1.10.1
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/ when looking for download links for virtualenv>=1.10.1
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/virtualenv/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/virtualenv/ when looking for download links for virtualenv>=1.10.1
Could not find any downloads that satisfy the requirement virtualenv>=1.10.1
Cleaning up...
No distributions at all found for virtualenv>=1.10.1
Storing complete log in /tmp/tmpwW5qXD


This can be solved with instead using:



pip install --cert=/usr/local/share/ca-certificates/mycert.crt


However, I would prefer to not have to do so (as I'm sure other applications bump into this issue).



I am running Linux Mint 15 (though I previously had very similar issues on Ubuntu 12.04), pip version 1.4.1.










share|improve this question























  • This could be a potential duplicate of this stackoverflow.com/questions/19377045/… .. I'm not sure what the policy is for aggregating etc.

    – Ryan
    Dec 19 '13 at 19:09
















17















Trying to figure out if there is a way that I can avoid using the --cert flag to pip when I am installing packages at work. There is some issue with the proxy that only allows me to download the packages I need when I provide that flag, despite adding the mycert.crt file to /usr/local/share/ca-certificates and running sudo update-ca-certificates.



An example of the messages I'm seeing is:



$ pip install "virtualenv>=1.10.1"
Downloading/unpacking virtualenv>=1.10.1
Could not fetch URL https://pypi.python.org/simple/virtualenv/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/virtualenv/ when looking for download links for virtualenv>=1.10.1
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/ when looking for download links for virtualenv>=1.10.1
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/virtualenv/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/virtualenv/ when looking for download links for virtualenv>=1.10.1
Could not find any downloads that satisfy the requirement virtualenv>=1.10.1
Cleaning up...
No distributions at all found for virtualenv>=1.10.1
Storing complete log in /tmp/tmpwW5qXD


This can be solved with instead using:



pip install --cert=/usr/local/share/ca-certificates/mycert.crt


However, I would prefer to not have to do so (as I'm sure other applications bump into this issue).



I am running Linux Mint 15 (though I previously had very similar issues on Ubuntu 12.04), pip version 1.4.1.










share|improve this question























  • This could be a potential duplicate of this stackoverflow.com/questions/19377045/… .. I'm not sure what the policy is for aggregating etc.

    – Ryan
    Dec 19 '13 at 19:09














17












17








17


2






Trying to figure out if there is a way that I can avoid using the --cert flag to pip when I am installing packages at work. There is some issue with the proxy that only allows me to download the packages I need when I provide that flag, despite adding the mycert.crt file to /usr/local/share/ca-certificates and running sudo update-ca-certificates.



An example of the messages I'm seeing is:



$ pip install "virtualenv>=1.10.1"
Downloading/unpacking virtualenv>=1.10.1
Could not fetch URL https://pypi.python.org/simple/virtualenv/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/virtualenv/ when looking for download links for virtualenv>=1.10.1
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/ when looking for download links for virtualenv>=1.10.1
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/virtualenv/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/virtualenv/ when looking for download links for virtualenv>=1.10.1
Could not find any downloads that satisfy the requirement virtualenv>=1.10.1
Cleaning up...
No distributions at all found for virtualenv>=1.10.1
Storing complete log in /tmp/tmpwW5qXD


This can be solved with instead using:



pip install --cert=/usr/local/share/ca-certificates/mycert.crt


However, I would prefer to not have to do so (as I'm sure other applications bump into this issue).



I am running Linux Mint 15 (though I previously had very similar issues on Ubuntu 12.04), pip version 1.4.1.










share|improve this question














Trying to figure out if there is a way that I can avoid using the --cert flag to pip when I am installing packages at work. There is some issue with the proxy that only allows me to download the packages I need when I provide that flag, despite adding the mycert.crt file to /usr/local/share/ca-certificates and running sudo update-ca-certificates.



An example of the messages I'm seeing is:



$ pip install "virtualenv>=1.10.1"
Downloading/unpacking virtualenv>=1.10.1
Could not fetch URL https://pypi.python.org/simple/virtualenv/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/virtualenv/ when looking for download links for virtualenv>=1.10.1
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/ when looking for download links for virtualenv>=1.10.1
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/virtualenv/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/virtualenv/ when looking for download links for virtualenv>=1.10.1
Could not find any downloads that satisfy the requirement virtualenv>=1.10.1
Cleaning up...
No distributions at all found for virtualenv>=1.10.1
Storing complete log in /tmp/tmpwW5qXD


This can be solved with instead using:



pip install --cert=/usr/local/share/ca-certificates/mycert.crt


However, I would prefer to not have to do so (as I'm sure other applications bump into this issue).



I am running Linux Mint 15 (though I previously had very similar issues on Ubuntu 12.04), pip version 1.4.1.







linux ubuntu linux-mint ssl certificate






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Oct 25 '13 at 0:15









Ian LeeIan Lee

188116




188116













  • This could be a potential duplicate of this stackoverflow.com/questions/19377045/… .. I'm not sure what the policy is for aggregating etc.

    – Ryan
    Dec 19 '13 at 19:09



















  • This could be a potential duplicate of this stackoverflow.com/questions/19377045/… .. I'm not sure what the policy is for aggregating etc.

    – Ryan
    Dec 19 '13 at 19:09

















This could be a potential duplicate of this stackoverflow.com/questions/19377045/… .. I'm not sure what the policy is for aggregating etc.

– Ryan
Dec 19 '13 at 19:09





This could be a potential duplicate of this stackoverflow.com/questions/19377045/… .. I'm not sure what the policy is for aggregating etc.

– Ryan
Dec 19 '13 at 19:09










3 Answers
3






active

oldest

votes


















8














You can set that through the pip configuration file, which is in $HOME/.pip/pip.conf or %APPDATA%pippip.ini on Windows:



[global]
cert = /usr/local/share/ca-certificate/mycert.crt


This file lets you set basically all the flags that are used by pip. Full documentation is at https://pip.pypa.io/en/latest/user_guide/#configuration






share|improve this answer





















  • 2





    I think your comment on my original post leads to the real answer, which is that pip does not use the system certs. This is a good solution, though it runs into issues when I'm switching between the work and home environments (over VPN). More an issue with the cert than the solution though.

    – Ian Lee
    Mar 24 '14 at 21:39








  • 1





    Updated link to configuration: pip.pypa.io/en/latest/user_guide.html#configuration

    – sequoia
    Jul 25 '15 at 0:51



















4














For me, non of the config-file workarounds worked. I'm using pip 1.5.4 on Ubuntu 14.04



What eventually worked for me is installing the certificate on the system first (for me on ubuntu this would be)



sudo cp ~/my_cert.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates


The previous automatically updates the bundle file (checking at the bottom of /etc/ssl/certs/ca-certificates.crt you should now see the same certificate as in my_cert.crt)



Now use that path in PIP_CERT. And add it to my .bashrc:



echo export PIP_CERT=/etc/ssl/certs/ca-certificates.crt >> ~/.bashrc


DISCLAIMER: I already posted this answer in SO (same answer as in the 'eventually duplicated link above', but at the beginning I didn't find the other (eventually duplicated answer)... so if someone like me gets here first, then this might help.



Maybe I'm breaking some kind of rules to post the same answer twice, one in SO and the other one in superuser. If so, sorry about that.






share|improve this answer

































    1














    This worked for me without needing to know where the config file lives:



    python -m pip config set global.cert C:\Path\cert.crt


    I believe you need pip version 10+, which you can find with:



     python -m pip --version


    The output of the config set command then outputs the name of the config file for your convenience






    share|improve this answer























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "3"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f665069%2fcan-i-get-around-using-pip-install-cert%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      3 Answers
      3






      active

      oldest

      votes








      3 Answers
      3






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      8














      You can set that through the pip configuration file, which is in $HOME/.pip/pip.conf or %APPDATA%pippip.ini on Windows:



      [global]
      cert = /usr/local/share/ca-certificate/mycert.crt


      This file lets you set basically all the flags that are used by pip. Full documentation is at https://pip.pypa.io/en/latest/user_guide/#configuration






      share|improve this answer





















      • 2





        I think your comment on my original post leads to the real answer, which is that pip does not use the system certs. This is a good solution, though it runs into issues when I'm switching between the work and home environments (over VPN). More an issue with the cert than the solution though.

        – Ian Lee
        Mar 24 '14 at 21:39








      • 1





        Updated link to configuration: pip.pypa.io/en/latest/user_guide.html#configuration

        – sequoia
        Jul 25 '15 at 0:51
















      8














      You can set that through the pip configuration file, which is in $HOME/.pip/pip.conf or %APPDATA%pippip.ini on Windows:



      [global]
      cert = /usr/local/share/ca-certificate/mycert.crt


      This file lets you set basically all the flags that are used by pip. Full documentation is at https://pip.pypa.io/en/latest/user_guide/#configuration






      share|improve this answer





















      • 2





        I think your comment on my original post leads to the real answer, which is that pip does not use the system certs. This is a good solution, though it runs into issues when I'm switching between the work and home environments (over VPN). More an issue with the cert than the solution though.

        – Ian Lee
        Mar 24 '14 at 21:39








      • 1





        Updated link to configuration: pip.pypa.io/en/latest/user_guide.html#configuration

        – sequoia
        Jul 25 '15 at 0:51














      8












      8








      8







      You can set that through the pip configuration file, which is in $HOME/.pip/pip.conf or %APPDATA%pippip.ini on Windows:



      [global]
      cert = /usr/local/share/ca-certificate/mycert.crt


      This file lets you set basically all the flags that are used by pip. Full documentation is at https://pip.pypa.io/en/latest/user_guide/#configuration






      share|improve this answer















      You can set that through the pip configuration file, which is in $HOME/.pip/pip.conf or %APPDATA%pippip.ini on Windows:



      [global]
      cert = /usr/local/share/ca-certificate/mycert.crt


      This file lets you set basically all the flags that are used by pip. Full documentation is at https://pip.pypa.io/en/latest/user_guide/#configuration







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Jun 20 '18 at 15:02









      kay

      1318




      1318










      answered Dec 19 '13 at 19:02









      RyanRyan

      1964




      1964








      • 2





        I think your comment on my original post leads to the real answer, which is that pip does not use the system certs. This is a good solution, though it runs into issues when I'm switching between the work and home environments (over VPN). More an issue with the cert than the solution though.

        – Ian Lee
        Mar 24 '14 at 21:39








      • 1





        Updated link to configuration: pip.pypa.io/en/latest/user_guide.html#configuration

        – sequoia
        Jul 25 '15 at 0:51














      • 2





        I think your comment on my original post leads to the real answer, which is that pip does not use the system certs. This is a good solution, though it runs into issues when I'm switching between the work and home environments (over VPN). More an issue with the cert than the solution though.

        – Ian Lee
        Mar 24 '14 at 21:39








      • 1





        Updated link to configuration: pip.pypa.io/en/latest/user_guide.html#configuration

        – sequoia
        Jul 25 '15 at 0:51








      2




      2





      I think your comment on my original post leads to the real answer, which is that pip does not use the system certs. This is a good solution, though it runs into issues when I'm switching between the work and home environments (over VPN). More an issue with the cert than the solution though.

      – Ian Lee
      Mar 24 '14 at 21:39







      I think your comment on my original post leads to the real answer, which is that pip does not use the system certs. This is a good solution, though it runs into issues when I'm switching between the work and home environments (over VPN). More an issue with the cert than the solution though.

      – Ian Lee
      Mar 24 '14 at 21:39






      1




      1





      Updated link to configuration: pip.pypa.io/en/latest/user_guide.html#configuration

      – sequoia
      Jul 25 '15 at 0:51





      Updated link to configuration: pip.pypa.io/en/latest/user_guide.html#configuration

      – sequoia
      Jul 25 '15 at 0:51













      4














      For me, non of the config-file workarounds worked. I'm using pip 1.5.4 on Ubuntu 14.04



      What eventually worked for me is installing the certificate on the system first (for me on ubuntu this would be)



      sudo cp ~/my_cert.crt /usr/local/share/ca-certificates/
      sudo update-ca-certificates


      The previous automatically updates the bundle file (checking at the bottom of /etc/ssl/certs/ca-certificates.crt you should now see the same certificate as in my_cert.crt)



      Now use that path in PIP_CERT. And add it to my .bashrc:



      echo export PIP_CERT=/etc/ssl/certs/ca-certificates.crt >> ~/.bashrc


      DISCLAIMER: I already posted this answer in SO (same answer as in the 'eventually duplicated link above', but at the beginning I didn't find the other (eventually duplicated answer)... so if someone like me gets here first, then this might help.



      Maybe I'm breaking some kind of rules to post the same answer twice, one in SO and the other one in superuser. If so, sorry about that.






      share|improve this answer






























        4














        For me, non of the config-file workarounds worked. I'm using pip 1.5.4 on Ubuntu 14.04



        What eventually worked for me is installing the certificate on the system first (for me on ubuntu this would be)



        sudo cp ~/my_cert.crt /usr/local/share/ca-certificates/
        sudo update-ca-certificates


        The previous automatically updates the bundle file (checking at the bottom of /etc/ssl/certs/ca-certificates.crt you should now see the same certificate as in my_cert.crt)



        Now use that path in PIP_CERT. And add it to my .bashrc:



        echo export PIP_CERT=/etc/ssl/certs/ca-certificates.crt >> ~/.bashrc


        DISCLAIMER: I already posted this answer in SO (same answer as in the 'eventually duplicated link above', but at the beginning I didn't find the other (eventually duplicated answer)... so if someone like me gets here first, then this might help.



        Maybe I'm breaking some kind of rules to post the same answer twice, one in SO and the other one in superuser. If so, sorry about that.






        share|improve this answer




























          4












          4








          4







          For me, non of the config-file workarounds worked. I'm using pip 1.5.4 on Ubuntu 14.04



          What eventually worked for me is installing the certificate on the system first (for me on ubuntu this would be)



          sudo cp ~/my_cert.crt /usr/local/share/ca-certificates/
          sudo update-ca-certificates


          The previous automatically updates the bundle file (checking at the bottom of /etc/ssl/certs/ca-certificates.crt you should now see the same certificate as in my_cert.crt)



          Now use that path in PIP_CERT. And add it to my .bashrc:



          echo export PIP_CERT=/etc/ssl/certs/ca-certificates.crt >> ~/.bashrc


          DISCLAIMER: I already posted this answer in SO (same answer as in the 'eventually duplicated link above', but at the beginning I didn't find the other (eventually duplicated answer)... so if someone like me gets here first, then this might help.



          Maybe I'm breaking some kind of rules to post the same answer twice, one in SO and the other one in superuser. If so, sorry about that.






          share|improve this answer















          For me, non of the config-file workarounds worked. I'm using pip 1.5.4 on Ubuntu 14.04



          What eventually worked for me is installing the certificate on the system first (for me on ubuntu this would be)



          sudo cp ~/my_cert.crt /usr/local/share/ca-certificates/
          sudo update-ca-certificates


          The previous automatically updates the bundle file (checking at the bottom of /etc/ssl/certs/ca-certificates.crt you should now see the same certificate as in my_cert.crt)



          Now use that path in PIP_CERT. And add it to my .bashrc:



          echo export PIP_CERT=/etc/ssl/certs/ca-certificates.crt >> ~/.bashrc


          DISCLAIMER: I already posted this answer in SO (same answer as in the 'eventually duplicated link above', but at the beginning I didn't find the other (eventually duplicated answer)... so if someone like me gets here first, then this might help.



          Maybe I'm breaking some kind of rules to post the same answer twice, one in SO and the other one in superuser. If so, sorry about that.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Aug 3 '16 at 8:02

























          answered Aug 2 '16 at 10:31









          andzepandzep

          1414




          1414























              1














              This worked for me without needing to know where the config file lives:



              python -m pip config set global.cert C:\Path\cert.crt


              I believe you need pip version 10+, which you can find with:



               python -m pip --version


              The output of the config set command then outputs the name of the config file for your convenience






              share|improve this answer




























                1














                This worked for me without needing to know where the config file lives:



                python -m pip config set global.cert C:\Path\cert.crt


                I believe you need pip version 10+, which you can find with:



                 python -m pip --version


                The output of the config set command then outputs the name of the config file for your convenience






                share|improve this answer


























                  1












                  1








                  1







                  This worked for me without needing to know where the config file lives:



                  python -m pip config set global.cert C:\Path\cert.crt


                  I believe you need pip version 10+, which you can find with:



                   python -m pip --version


                  The output of the config set command then outputs the name of the config file for your convenience






                  share|improve this answer













                  This worked for me without needing to know where the config file lives:



                  python -m pip config set global.cert C:\Path\cert.crt


                  I believe you need pip version 10+, which you can find with:



                   python -m pip --version


                  The output of the config set command then outputs the name of the config file for your convenience







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Jan 14 at 23:14









                  avatarofhope2avatarofhope2

                  112




                  112






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Super User!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f665069%2fcan-i-get-around-using-pip-install-cert%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      Сан-Квентин

                      Алькесар

                      Josef Freinademetz