英文:
Python: Force Virtual Environments to use system certificate store on Windows
问题
我的公司使用VPN,但它与PIP证书验证默认不兼容。当我使用pip install asyncio
安装包时,出现以下错误:
> Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)'))': /simple/asyncio/
在系统范围的Python安装中,可以通过以下方法绕过这个问题:
pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pip-system-certs
之后,将使用Windows证书存储,其中包含VPN的CA。现在,我只需使用:
pip install asyncio
一切都能正常工作。
然而,如果我使用虚拟环境,我又回到了同样的问题,必须首先安装pip-system-certs:
python -m venv C:\location\of\venv
cd C:\location\of\venv
.\Scripts\activate
pip install asyncio
> Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)'))': /simple/asyncio/
这使得与类似Poetry的系统一起工作非常困难,因为所有配置都需要更改。
是否有办法强制系统上的所有Python虚拟环境使用系统证书存储?
英文:
My company uses a VPN, which does not work with the PIP certificate check out of the box. When I install a package with pip install asyncio
, it gives me the following error:
> Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)'))': /simple/asyncio/
In the system wide python installation, this can be circumvented by using:
pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pip-system-certs
After that, the Windows certificate store is used, which contains the CA for the VPN. Now, I can just use:
pip install asyncio
and all works fine.
However, if I use a virtual environment, I am back in the same position of having to first install pip-system-certs:
python -m venv C:\location\of\venv
cd C:\location\of\venv
.\Scripts\activate
pip install asyncio
> Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)'))': /simple/asyncio/
This makes working with systems like Poetry very difficult, because all configurations need to change.
Is there a way to force all Python Virtual Environments on my system to use the system certificate store?
答案1
得分: 2
我遇到过类似的问题,但是在 Linux 机器上。解决问题的方法如下:
-
检查证书存储在你的 "全局" 环境中的位置。
-
检查虚拟环境中的位置。例如,使用以下命令:
python3 -m certifi
输出应该类似于:
/path/to/global_env/certificate1.crt
-
用全局环境的证书替换虚拟环境的证书。
mv /path/to/global_env/certificate1.crt /path/to/virtualenv/certificate2.pem
现在两个环境都使用相同的证书文件。
英文:
I had a similar problem, but on a Linux machine. What solved the problem for me was the following:
-
check where the certificate is stored in your "global" environment
-
check the same for the virtual environment. Use, for example
>> python3 -m certifi output is something like this: /path/to/global_env/certificate1.crt
-
replace the virtual environment's certificate with that of the global environment
mv /path/to/global_env/certificate1.crt /path/to/virtualenv/certificate2.pem
Now the same certificate file is used in both environments.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论