Add a CA certificate to openssl ca-bundle and pip problems
I have an HTTPS proxy in place that uses a self-contained intermediate CA.
When using `pip` to install a python egg, I was receiving the following error:
SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Add a CA to a certificate bundle:
Your ca-bundle.crt maybe be located in another directory.
cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.bak openssl x509 -text -in untrusted_cacert.cer >> /etc/pki/tls/certs/ca-bundle.crt openssl verify -CAfile /etc/pki/tls/certsca-bundle.crt untrusted-intermediateca.cer # should result in "OK" openssl s_client -showcerts -connect pypi.python.org:443 # should see "Verify return code: 0 (ok)" in resultant
Add a CA to be trusted by pip:
I had to run `strace` on `pip install` to see what it was referencing, as I was still getting the above error.
cp /usr/local/lib/python2.7/site-packages/pip/cacert.pem /usr/local/lib/python2.7/site-packages/pip/cacert.pem.bak openssl x509 -text -in untrusted_cacert.cer >> /usr/local/lib/python2.7/site-packages/pip/cacert.pem pip-2.7 -v install matplotlib -v