Python is a programming language known for its ease. It has a large collection of libraries. The users can make use of these libraries to perform the task instead of developing things from the scratch.
Python has some standard libraries which are installed by default when you install Python on your system. If you need to use some other libraries that are developed by the Python community, they are available in the PyPI repo.
Installing from PyPI is like downloading software from an unofficial source. There is a risk involved. Thus many companies do not allow their employees to access this site. That is, their firewall settings wouldn’t trust PyPI.org resulting in an SSL certificate error.
Table of Contents
Understanding the Cause of this error:
Let’s say, you need to use an external package named requests. Since the requests library is not installed by default, you try to install it with pip using the below command :
pip install requests
You see the following error:
Getting page https://pypi.org/simple/requests3/ Could not fetch URL https://pypi.python.org/<link-to-package>/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
When you run the pip command, it tries to reach the PyPI site. But because PyPI is not a trusted site, the system is not allowed to access the contents, hence, returning a connection error stating certificate validation failed.
To fix this error, you can do one of the following:
- Ignore the SSL certificate validation.
- Add PyPI as a trusted host.
- Import and add an SSL certificate for the PyPI site(only if it is feasible).
Before processing the fixes, ensure your internet connection is up and working.
Fix 1: Ignore the SSL certificate validation.
You can ignore the SSL errors while installing a certain package using the below command:
pip install <package_name> config --global http.sslVerify false
To ignore the SSL errors while downloading requests, use the below command:
pip install requests config --global http.sslVerify false
Fix 2: Add PyPI as a trusted host.
You can add pypi.org, files.pythonhosted.org as a trusted host using the –trusted-host parameter in the pip command to ignore the SSL errors raised during the installation process. To do so, use the below command:
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>
Note: If you are using Python 3, replace pip with pip3
The above command helps you solve the error. But the trusted host parameter has to be specified every time you install a library from the PyPI site. To avoid this, you can add the sites to the pip configuration file using the below command.
pip config set global.trusted-host "pypi.org files.pythonhosted.org"
Fix 3: Import and add the SSL certificate for PyPI
This way is a secure way of installing the package. However, one should have OpenSSL pre-installed in your system.
1. Click on the pypi.org link.
2. Click on the lock icon next to the URL.
3. Click on Connection is secure.
4. Click on Certificate is valid.
5. Go to the Details tab.
6. Click on the Copy to File button.
7. Certificate Export Wizard opens. Click on the Next button.
8. Check the option DER encoded binary X.509 (.CER) and click on Next.
9. Give the desired filename. Say, my-cert.cer
10. Click on Finish.
11. Open the OpenSSL window and type the below command to convert the format to .pem
openssl x509 -in <FileName>.cer -inform DER -out <FileName>.pem -outform PEM
For example, to convert the my-cert.cer file, enter the below command
openssl x509 -in my-cert.cer -inform DER -out my-cert.pem -outform PEM
12. Now, use this certificate with the pip command every time you install the package
pip --cert my-cert.pem install <packageName>
Conclusion:
This brings us to the end of this article. We hope this article has been informative. Kindly comment and let us know the fix that helped you.
Thanks for reading.
Also check ,pip install returning an invalid syntax Error