python easy_install fails with SSL certificate error for all packages

your curl cert is too old try to download new curl cert:

sudo wget http://curl.haxx.se/ca/cacert.pem -O /etc/pki/tls/certs/ca-bundle.crt

I found this page after looking for a solution to this problem. In case someone else has similar problem, the solution I found is:

At the start of the setuptools/ssl_support.py file (which is used by easy_install, and is inside the egg file: ./lib/python2.7/site-packages/setuptools-3.5.1-py2.7.egg), the certificate bundles files are hard-coded in cert_paths variable:

cert_paths = """
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/certs/ca-certificates.crt
/usr/share/ssl/certs/ca-bundle.crt
/usr/local/share/certs/ca-root.crt
...etc..
"""

easy_install will use the first file that exists from this list, as it calls find_ca_bundle. If certificates in this cert bundle file are out of date, then easy_install will fail with this SSL error. So need to either update the certificate file or change the cert_paths in this ssl_support.py file, to point to a local up-to-date certs bundle file.


I have seen this problem in a specific environment: Mac OS X with macports, installing packages in user's local path. The solution was to install the certificates from curl:

port install curl-ca-bundle

Btw, until you don't have the ceritificates, most of the port, easy_install and pip commands will fail because the ssl error.