pip installation failing SSL: CERTIFICATE_VERIFY_FAILED on windows

Question

I am using a company computer on Windows. I have my own index that is hosted on an https website. I am aware that i can avoid using https using trusted-host. But i wanted to use it.

I am trying to install packages as follows:

 pip install -i https://pathtoindex/simple/ pkgname

But i get the following error:

Could not fetch URL [...] There was a problem confirming the ssl
certificate: [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:590) - skipping

I also did try to download the .pem certification file for my domain from Mozilla, I tried the following command:

pip --cert dirtocert/cert.pem install -i https://pathtoindex/simple/ pkgname

This doesn't work either though, still get the same error.

Answer 1

You'll need the root CA certificate for the certificate IT provided for your service. Either it's a self-signed one or it's one provided by a commercial provider. In both cases your IT department should be able to provide the certificate.

You also could use openssl to have a look at your certificate:

openssl s_client -showcerts -connect your-domain.com:443

(* Alternatively you can use your browser for this. Click on the lock in the address bar and select 'details' (or something similar)..)

Under "Server certificate" there should be an "issuer"-section. If the issuer is your company, you're most likely using a self-signed certificate. If it's something else (e.g. COMODO, StartCom, etc.) you can use their root or intermediate CA certs.