I want to upload a Python package to a secured (HTTPS) Artifactory server from my machine using Twine.
First, using the following:
twine upload --verbose \
--repository-url https://URL/artifactory/api/pypi/PATH \
--username XX \
--password XX \
dist/*
I get the following error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='URL', port=443): Max retries exceeded with url: /artifactory/api/pypi/PATH (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))
After a big of digging, I found this little solution. So I downloaded the cert.pem file and provided it to my upload command with:
--cert ../../bin/cert.pem
Which still gives me the following error:
certificate verify failed: unable to get local issuer certificate
How can I solve this issue correctly (I would like NOT TO disable SSL check).
CodePudding user response:
It appears to be an issue with the client in recognizing the certificate. Are you trying to execute the above mentioned task in a MacOS machine? If yes, installing Certificates.command should help resolving this issue.
How? Go to the Applications folder in the system, select the appropriate Python installation directory and double click on Certificates.command file.
CodePudding user response:
I should have searched a bit more. Here is the answer (for my self me in the future most likely).
You need a PEM file containing all the certificate chain (if applicable) of the server you want to contact. In my question, I downloaded only the end certificate, missing the root and intermediate one.
To achieve this, a manual option is to download all certificates from the browser (you can find plenty of examples on Internet on how to do that, like, for example, this one for Edge). You may find several nodes in the tree, download all of them.
After this is done, concatenate the certificates into one file, which would look like:
-----BEGIN CERTIFICATE-----
THE KEY
BLABLA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
THE OTHER KEY
BLABLA
-----END CERTIFICATE-----
If you had to download N certificates, you should have N sections in your unique file.
THen, pass that file to the command line:
--cert my_file_with_all_the_certificates