MacOS + Homebrew + Python3 + pip + decryption

Are you encountering SSL certificate verification errors while using Python’s pip on MacOS with Homebrew? This common issue can hinder your ability to install packages securely, but worry not! In this comprehensive guide, we’ll walk you through a straightforward solution to append the Root CA certificate to your cacert.pem file, resolving these pesky errors. Let’s dive in!

Understanding the Problem

When attempting to install Python packages using pip, you might encounter SSL certificate verification errors like these:

$ python3 -m pip install <package>                         
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)'))': /simple/<package>/
...
ERROR: No matching distribution found for <package>

These errors occur when pip cannot verify the SSL certificate of the package repository. This is often due to a missing or outdated Root CA (Certificate Authority) certificate in the cacert.pem file used by Python’s SSL library.

Locating cacert.pem

First, it’s essential to locate the cacert.pem file.

If you’ve installed Python via Homebrew, this file typically resides in a specific directory based on the Python version. For Python 3.11, you’ll find it at:

/opt/homebrew/lib/python3.11/site-packages/pip/_vendor/certifi/cacert.pem

Make sure to adjust the path according to your Python version.

Fetching the Root CA Certificate

To resolve the SSL issue, we need to append the correct Root CA certificate to the cacert.pem file. Here’s how you can fetch it:

  1. Open Terminal: Launch the Terminal application on your MacOS.
  2. Run OpenSSL Command: Execute the following command to connect to the Python Package Index (PyPI) and fetch its SSL certificate:
  1. openssl s_client -connect pypi.org:443 -showcerts
  2. Copy the Root CA Certificate: Look for the lines starting with
    -----BEGIN CERTIFICATE-----
    <certificate data>
    -----END CERTIFICATE-----
    and that it’s near the section that mentions issuer and contains Root
  3. Copy this entire section.

Appending the Root CA Certificate

Now, let’s append this certificate to the cacert.pem file:

  1. Open cacert.pem: Use a text editor to open the cacert.pem file. For example, you can use nano.
  2. nano /opt/homebrew/lib/python3.11/site-packages/pip/_vendor/certifi/cacert.pem
  3. Append the Certificate: Scroll to the end of the file and paste the Root CA certificate you copied earlier.
  4. Save and Exit: Save the file and exit the editor. In nano, you can do this by pressing CTRL+O, Enter, and then CTRL+X.

    Testing the Solution

    Finally, let’s test if the issue is resolved:

    1. Retry Installation: Run the pip install command again:
    2. python3 -m pip install <package>
    3. Check for Errors: If the process completes without SSL errors, congratulations! You’ve successfully resolved the issue.

    Conclusion

    SSL certificate errors can be a hurdle, but with the right steps, they are easily surmountable. By understanding the cause and methodically updating your cacert.pem file, you can ensure secure and smooth installations of Python packages on MacOS with Homebrew. Keep exploring and happy coding!

    , , , , , , , , , , , , ,

    Personal Blog

    Personal blog of myself and what I do.

    Home About Cybersecurity Links and Tools

    πŸ”’ Cybersecurity πŸ” PKI 🍲 Foodie πŸ’°Cryptocurrency 🐳 Docker πŸ‘¨β€πŸ’» Programming 🧠 Personal πŸ“Έ Photography