Conda SSL error

Question

I’m having some issues getting conda to respect my proxy declaration. I’ve copied the proxy strings from the examples in the conda docs and replaced the urls with my own. I’ve also exported the HTTP_PROXY and HTTPS_PROXY with strings that I know work. My ~/.condarc file looks like:

proxy_servers:
    http: http://<proxyaddress>:<port>
    https: https://<proxyaddress>:<port>

Any suggestions?

EDIT: conda version: 3.14.1

looks like the proxy string is actually fine. The real issue that didn't come up at first is that conda isn't using the ca-cert that I need for due to our corporate proxy. The specific error, which appears when I attempt to install a package, is:

Error: Connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581): ...

Answer 1

conda config --set ssl_verify false

Answer 2

I faced the same problem on Mac OS X and with Miniconda. After trying many of the proposed solutions for hours I found that I needed to correctly set Condas environment (specifically requests that conda uses to make HTTPS connections) to use the Root certificate that my company provided rather than the generic ones that Conda provides.

Expanding on @LISTERINE's answer here is how I could solved it:

1. Open Chrome, got to any website, click on the lock icon on the left of the URL. Click on «Certificate» on the dropdown. In the next window you see a stack of certificates. The uppermost (aka top line in window) is the root certificate (e.g. Zscaler Root CA in my case, yours will very likely be a different one).

2. Open Mac OS keychain, click on «Certificates» and choose among the many certificates the root certificate that you just identified. Export this to any folder of your choosing.

3. Convert this certificate with openssl: openssl x509 -inform der -in /path/to/your/certificate.cer -out /path/to/converted/certificate.pem

4. For a quick check set your shell to acknowledge the certificate: export REQUESTS_CA_BUNDLE=/path/to/converted/certificate.pem

5. To set this permanently you have two options:

   A. open your shell profile (.bshrs or e.g. .zshrc) and add this line: export REQUESTS_CA_BUNDLE=/path/to/converted/certificate.pem.

   ~~OR~~

   B. run conda config --set ssl_verify /path/to/converted/certificate.pem which will add the location of the certificate to ~/.condarc

Now exit your terminal/shell and reopen. Check again. You should be set and Conda should work fine.

Answer 3

I figured it out so I thought I'd come back and report.

I'm not sure how to make conda use a specific cert, but conda uses requests for it's web requests. You can inject a cert bundle into requests' path by setting the environment variable REQUESTS_CA_BUNDLE.

so I ran:

export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/<my-cert-name>

and now conda can get through our proxy!

Answer 4

It worked for me, by editing .condarc file as below.

channels:
    - defaults
#ssl_verify: C:\Users\ravikumk\certs\ca.crt

ssl_verify: false

# Show channel URLs when displaying what is going to be downloaded and
# in 'conda list'. The default is False.
show_channel_urls: True
allow_other_channels: True