Revision history

initial version

Most likely your corporate firewall has captured the SSL certificate and reissued another certificate of their own back to your machine. (Your Linux distro is doing the right thing, because your corporation is actually pretending to be the owner of the site (which the installer is trying to download the package from) when they are actually not. What this means is that your corporation's proxy servers can decrypt and spy on your requests to the sites.)

What you can do is the below

  1. Ask your corporation for the certificate (which they always capture and issue back to you). You should also be able to physically save this certificate as a crt file: visit any HTTPS website (within your corporation's network) in a browser, and use your browser to download the certificate file as a crt file.
  2. Install (import) the certificate on your Linux machine; you can follow the instructions on this site (http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html).
  3. You have to make a couple of changes in several files (e.g. stack.sh, get-pip.py) to specify the certificate location.

Details on the files to change to specify the certificate location

Assuming you've already set up your proxy correctly

devstack/inc/python: line 151-157, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

devstack/inc/python: line 165-171, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

devstack/tools/install_pip.sh: line 80, change this line to something like sudo -H -E python $LOCAL_PIP --cert=<certificate_location> -c $TOOLS_DIR/cap-pip.txt , in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

Note: some of the files might be downloaded during installation. If they are, make the changes after they are downloaded (if none of these files are downloaded during installation, good, it just makes life easier). Also, if your installation is using python3, you should make similar changes to the python3 locations in the files; they should be right next to the locations specified above.

Most likely your corporate firewall has captured the SSL certificate and reissued another certificate of their own back to your machine. (Your Linux distro is doing the right thing, because your corporation is actually pretending to be the owner of the site (which the installer is trying to download the package from) when they are actually not. What this means is that your corporation's proxy servers can decrypt and spy on your requests to the sites.)

What you can do is the below

  1. Ask your corporation for the certificate (which they always capture and issue back to you). You should also be able to physically save this certificate as a crt file: visit any HTTPS website (within your corporation's network) in a browser, and use your browser to download the certificate file as a crt file.
  2. Install (import) the certificate on your Linux machine; you can follow the instructions on this site (http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html).
  3. You have two options here.

3.1 Option 1 (hard way) - you have to make a couple of changes in several files (e.g. stack.sh, get-pip.py) to specify the certificate location.

Details on the files to change to specify the certificate location

Assuming you've already set up your proxy correctly

devstack/inc/python: line 151-157, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

devstack/inc/python: line 165-171, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

devstack/tools/install_pip.sh: line 80, change this line to something like sudo -H -E python $LOCAL_PIP --cert=<certificate_location> -c $TOOLS_DIR/cap-pip.txt , in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

Note: some of the files might be downloaded during installation. If they are, make the changes after they are downloaded (if none of these files are downloaded during installation, good, it just makes life easier). Also, if your installation is using python3, you should make similar changes to the python3 locations in the files; they should be right next to the locations specified above.

3.2 Option 2 (easy way) - create a configuration file for pip at location ~/.pip/pip.conf. In the pip.conf file you need to specify the location of the SSL certificates. It should look something like the below:

[global]

cert = <certificate_location>

For me the <certificate_location> is /etc/ssl/certs/ca-certificates.crt

Most likely your corporate firewall has captured the SSL certificate and reissued another certificate of their own back to your machine. (Your Linux distro is doing the right thing, because your corporation is actually pretending to be the owner of the site (which the installer is trying to download the package from) when they are actually not. What this means is that your corporation's proxy servers can decrypt and spy on your requests to the sites.)

What you can do is the below

  1. Ask your corporation for the certificate (which they always capture and issue back to you). You should also be able to physically save this certificate as a crt file: visit any HTTPS website (within your corporation's network) in a browser, and use your browser to download the certificate file as a crt file.
  2. Install (import) the certificate on your Linux machine; you can follow the instructions on this site (http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html).
  3. You have two options here.

     3.1 Option 1 (hard way) - you have to make a couple of changes in several files (e.g. stack.sh, get-pip.py) to specify the certificate location.

Details on the files to change to specify the certificate location

Assuming you've already set up your proxy correctly

devstack/inc/python: line 151-157, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

devstack/inc/python: line 165-171, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

devstack/tools/install_pip.sh: line 80, change this line to something like sudo -H -E python $LOCAL_PIP --cert=<certificate_location> -c $TOOLS_DIR/cap-pip.txt , in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

Note: some of the files might be downloaded during installation. If they are, make the changes after they are downloaded (if none of these files are downloaded during installation, good, it just makes life easier). Also, if your installation is using python3, you should make similar changes to the python3 locations in the files; they should be right next to the locations specified above.

3.2 Option 2 (easy way) - create a configuration file for pip at location ~/.pip/pip.conf. In the pip.conf file you need to specify the location of the SSL certificates. It should look something like the below:

[global]

cert = <certificate_location>

For me the <certificate_location> is /etc/ssl/certs/ca-certificates.crt

Most likely your corporate firewall has captured the SSL certificate and reissued another certificate of their own back to your machine. (Your Linux distro is doing the right thing, because your corporation is actually pretending to be the owner of the site (which the installer is trying to download the package from) when they are actually not. What this means is that your corporation's proxy servers can decrypt and spy on your requests to the sites.)

What you can do is the below

  1. Ask your corporation for the certificate (which they always capture and issue back to you). You should also be able to physically save this certificate as a crt file: visit any HTTPS website (within your corporation's network) in a browser, and use your browser to download the certificate file as a crt file.
  2. Install (import) the certificate on your Linux machine; you can follow the instructions on this site (http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html).
  3. You have two options here.

     3.1 Option 1 (hard way) - you have to make a couple of changes in several files (e.g. stack.sh, get-pip.py) to specify the certificate location.
    

    Details on the files to change to specify the certificate location

    Assuming you've already set up your proxy correctly

    devstack/inc/python: line 151-157, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/inc/python: line 165-171, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/tools/install_pip.sh: line 80, change this line to something like sudo -H -E python $LOCAL_PIP --cert=<certificate_location> -c $TOOLS_DIR/cap-pip.txt , in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    Note: some of the files might be downloaded during installation. If they are, make the changes after they are downloaded (if none of these files are downloaded during installation, good, it just makes life easier). Also, if your installation is using python3, you should make similar changes to the python3 locations in the files; they should be right next to the locations specified above.

    3.2 Option 2 (easy way) - create a configuration file for pip at location ~/.pip/pip.conf. In the pip.conf file you need to specify the location of the SSL certificates. It should look something like the below:

    [global]

    cert = <certificate_location>

    For me the <certificate_location> is /etc/ssl/certs/ca-certificates.crt

Most likely your corporate firewall has captured the SSL certificate and reissued another certificate of their own back to your machine. (Your Linux distro is doing the right thing, because your corporation is actually pretending to be the owner of the site (which the installer is trying to download the package from) when they are actually not. What this means is that your corporation's proxy servers can decrypt and spy on your requests to the sites.)

What you can do is the below

  1. Ask your corporation for the certificate (which they always capture and issue back to you). You should also be able to physically save this certificate as a crt file: visit any HTTPS website (within your corporation's network) in a browser, and use your browser to download the certificate file as a crt file.
  2. Install (import) the certificate on your Linux machine; you can follow the instructions on this site (http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html).
  3. You have two options here.

     3.1 Option 1 (hard way) - you have to make a couple of changes in several files (e.g. stack.sh, get-pip.py) to specify the certificate location.
    

    Details on the files to change to specify the certificate location

    Assuming you've already set up your proxy correctly

    devstack/inc/python: line 151-157, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/inc/python: line 165-171, insert "--cert=<certificate_location>" after "$cmd_pip $upgrade", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/tools/install_pip.sh: line 80, change this line to something like sudo -H -E python $LOCAL_PIP --cert=<certificate_location> -c $TOOLS_DIR/cap-pip.txt , in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    Note: some of the files might be downloaded during installation. If they are, make the changes after they are downloaded (if none of these files are downloaded during installation, good, it just makes life easier). Also, if your installation is using python3, you should make similar changes to the python3 locations in the files; they should be right next to the locations specified above.

    3.2 Option 2 (easy way) - create a configuration file for pip at location ~/.pip/pip.conf. In the pip.conf file you need to specify the location of the SSL certificates. It should look something like the below:
    

    [global]

    cert = <certificate_location>

    For me the <certificate_location> is /etc/ssl/certs/ca-certificates.crt

Most likely your corporate firewall has captured the SSL certificate and reissued another certificate of their own back to your machine. (Your Linux distro is doing the right thing, because your corporation is actually pretending to be the owner of the site (which the installer is trying to download the package from) when they are actually not. What this means is that your corporation's proxy servers can decrypt and spy on your requests to the sites.)

What you can do is the below

  1. Ask your corporation for the certificate (which they always capture and issue back to you). You should also be able to physically save this certificate as a crt file: visit any HTTPS website (within your corporation's network) in a browser, and use your browser to download the certificate file as a crt file.
  2. Install (import) the certificate on your Linux machine; you can follow the instructions on this site (http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html).
  3. You have to do two things here.

     3.1 first thing - you have to make a couple of changes in several files (e.g. stack.sh, get-pip.py) to specify the certificate location.
    

    Details on the files to change to specify the certificate location

    Assuming you've already set up your proxy correctly

    devstack/inc/python: line 151-157, insert "--cert=<certificate_location> \" after "$cmd_pip $upgrade \", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/inc/python: line 165-171, insert "--cert=<certificate_location> \" after "$cmd_pip $upgrade \", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/tools/install_pip.sh: line 80, change this line to something like sudo -H -E python $LOCAL_PIP --cert=<certificate_location> -c $TOOLS_DIR/cap-pip.txt , in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    Note: some of the files might be downloaded during installation. If they are, make the changes after they are downloaded (if none of these files are downloaded during installation, good, it just makes life easier). Also, if your installation is using python3, you should make similar changes to the python3 locations in the files; they should be right next to the locations specified above.

    3.2 second thing - create a configuration file for pip at location ~/.pip/pip.conf. In the pip.conf file you need to specify the location of the SSL certificates. It should look something like the below:
    

    [global]

    cert = <certificate_location>

    For me the <certificate_location> is /etc/ssl/certs/ca-certificates.crt

Most likely your corporate firewall has captured the SSL certificate and reissued another certificate of their own back to your machine. (Your Linux distro is doing the right thing, because your corporation is actually pretending to be the owner of the site (which the installer is trying to download the package from) when they are actually not. What this means is that your corporation's proxy servers can decrypt and spy on your requests to the sites.)

What you can do is the below

  1. Ask your corporation for the certificate (which they always capture and issue back to you). You should also be able to physically save this certificate as a crt file: visit any HTTPS website (within your corporation's network) in a browser, and use your browser to download the certificate file as a crt file.
  2. Install (import) the certificate on your Linux machine; you can follow the instructions on this site (http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html).
  3. You have to do two things here.

     3.1 first thing - you have to make a couple of changes in several files (e.g. stack.sh, get-pip.py) to specify the certificate location.
    

    Details on the files to change to specify the certificate location

    Assuming you've already set up your proxy correctly

    devstack/inc/python: line 151-157, insert "--cert=<certificate_location> \" after "$cmd_pip $upgrade \", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/inc/python: line 165-171, insert "--cert=<certificate_location> \" after "$cmd_pip $upgrade \", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/tools/install_pip.sh: line 80, change this line to something like sudo -H -E python $LOCAL_PIP --cert=<certificate_location> -c $TOOLS_DIR/cap-pip.txt , in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    Note: some of the files might be downloaded during installation. If they are, make the changes after they are downloaded (if none of these files are downloaded during installation, good, it just makes life easier). Also, if your installation is using python3, you should make similar changes to the python3 locations in the files; they should be right next to the locations specified above.

    3.2 second thing - create a configuration file for pip at location ~/.pip/pip.conf. In the pip.conf file you need to specify the location of the SSL certificates. It should look something like the below:
    

    [global]

    cert = <certificate_location>

    For me the <certificate_location> is /etc/ssl/certs/ca-certificates.crt

Most likely your corporate firewall has captured the SSL certificate and reissued another certificate of their own back to your machine. (Your Linux distro is doing the right thing, because your corporation is actually pretending to be the owner of the site (which the installer is trying to download the package from) when they are actually not. What this means is that your corporation's proxy servers can decrypt and spy on your requests to the sites.)

What you can do is the below

  1. Ask your corporation for the certificate (which they always capture and issue back to you). You should also be able to physically save this certificate as a crt file: visit any HTTPS website (within your corporation's network) in a browser, and use your browser to download the certificate file as a crt file.
  2. Install (import) the certificate on your Linux machine; you can follow the instructions on this site (http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html).
  3. You have to do two things here.

     3.1 first thing - you have to make a couple of changes in several files to specify the certificate location.
    

    Details on the files to change to specify the certificate location

    Assuming you've already set up your proxy correctly

    devstack/inc/python: line 151-157, insert "--cert=<certificate_location> \" after "$cmd_pip $upgrade \", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/inc/python: line 165-171, insert "--cert=<certificate_location> \" after "$cmd_pip $upgrade \", in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    devstack/tools/install_pip.sh: line 80, change this line to something like sudo -H -E python $LOCAL_PIP --cert=<certificate_location> -c $TOOLS_DIR/cap-pip.txt , in my case, my <certificate_location> is /etc/ssl/certs/ca-certificates.crt

    Note: some of the files might be downloaded during installation. If they are, make the changes after they are downloaded (if none of these files are downloaded during installation, good, it just makes life easier). Also, if your installation is using python3, you should make similar changes to the python3 locations in the files; they should be right next to the locations specified above.

    3.2 second thing - create a configuration file for pip at location ~/.pip/pip.conf. In the pip.conf file you need to specify the location of the SSL certificates. It should look something like the below:
    

    [global]

    cert = <certificate_location>

    For me the <certificate_location> is /etc/ssl/certs/ca-certificates.crt
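
The steps above as shell functions for a Debian/Ubuntu host. This is an added example, not part of the original answer or of DevStack; the file name corp-root-ca.crt and the host pypi.org are assumptions, and the trust-store paths assume the ca-certificates package.

```shell
#!/bin/sh
# Added example, not DevStack code. Assumes Debian/Ubuntu (ca-certificates
# package) and a corporate root CA saved as a PEM .crt file.

# Count PEM certificate blocks in a file; prints 0 if unreadable or not PEM.
pem_cert_count() (
    [ -r "$1" ] || { echo 0; exit 0; }
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
)

# Issuer of the certificate the network presents for a host. Behind an
# intercepting proxy the issuer is the corporate CA, not a public one.
presented_issuer() (
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer
)

# Subject and SHA-256 fingerprint of the CA file from step 1. Compare the
# fingerprint with the value your IT department gives you before trusting it.
ca_fingerprint() (
    openssl x509 -in "$1" -noout -subject -fingerprint -sha256
)

# Step 2: add the CA to the system store. update-ca-certificates only picks up
# files ending in .crt and rebuilds /etc/ssl/certs/ca-certificates.crt.
install_ca() (
    sudo cp "$1" "/usr/local/share/ca-certificates/$(basename "$1")" &&
        sudo update-ca-certificates
)

# Step 3.2: point pip at the bundle. Refuses a bundle that holds no
# certificates and keeps a backup of an existing pip.conf. The optional
# second argument replaces $HOME (used for testing).
write_pip_conf() (
    bundle=$1
    home=${2:-$HOME}
    [ "$(pem_cert_count "$bundle")" -gt 0 ] || {
        echo "no PEM certificates in $bundle" >&2
        exit 1
    }
    mkdir -p "$home/.pip"
    conf="$home/.pip/pip.conf"
    [ -f "$conf" ] && cp "$conf" "$conf.bak"
    printf '[global]\ncert = %s\n' "$bundle" > "$conf"
)

# Usage: sh trust-corp-ca.sh corp-root-ca.crt [host]
if [ "$#" -gt 0 ]; then
    ca_fingerprint "$1" &&
        presented_issuer "${2:-pypi.org}" &&
        install_ca "$1" &&
        write_pip_conf /etc/ssl/certs/ca-certificates.crt
fi
```

With pip.conf in place, the --cert edits to the DevStack scripts and the file setting both name the same bundle, so a later pip run outside stack.sh verifies against the same trust store.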