Error:: github :: Peer certificate cannot be authenticated with given CA certificates

Published by onesixx on

https://www.r-bloggers.com/fixing-peer-certificate-cannot-be-authenticated/

 

에러 발생

> devtools::install_github("rstudio/tensorflow")
Error in curl::curl_fetch_disk(url, x$path, handle = handle) : 
  Peer certificate cannot be authenticated with given CA certificates

해결

> library(httr)
> set_config(config(ssl_verifypeer = 0L))

 

 

 

https://stackoverflow.com/questions/21181231/server-certificate-verification-failed-cafile-etc-ssl-certs-ca-certificates-c

TLDR:

hostname=XXX
port=443
trust_cert_file_location=`curl-config --ca`
sudo bash -c "echo -n | openssl s_client -showcerts -connect $hostname:$port 2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $trust_cert_file_location"

Long answer

The basic reason is that your computer doesn’t trust the certificate authority that signed the certificate used on the Gitlab server. This doesn’t mean the certificate is suspicious, but it could be self-signed or signed by an institution/company that isn’t in the list of your OS’s list of CAs. What you have to do to circumvent the problem on your computer is telling it to trust that certificate – if you don’t have any reason to be suspicious about it.

You need to check the web certificate used for your gitLab server, and add it to your </git_installation_folder>/bin/curl-ca-bundle.crt.

To check if at least the clone works without checking said certificate, you can set:

export GIT_SSL_NO_VERIFY=1
#or
git config --global http.sslverify false

But that would be for testing only, as illustrated in “SSL works with browser, wget, and curl, but fails with git“, or in this blog post.

Check your GitLab settings, a in issue 4272.


To get that certificate (that you would need to add to your curl-ca-bundle.crt file), type a:

echo -n | 
openssl s_client -showcerts -connect yourserver.com:YourHttpGilabPort 2>/dev/null  | 
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

(with ‘yourserver.com’ being your GitLab server name)

To check the CA (Certificate Authority issuer), type a:

echo -n | 
openssl s_client -showcerts -connect yourserver.com:YourHttpGilabPort 2>/dev/null  | 
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'| openssl x509 -noout -text | grep "CA Issuers" | head -1

Findekano adds in the comments:

to identify the location of curl-ca-bundle.crt, you could use the command

curl-config --ca

 

 

 

 

 

========================

http://stackoverflow.com/questions/31293325/r-install-github-fails

certificate 에러발생

> install_github("slidify","ramnathv")
Error in curl::curl_fetch_disk(url, x$path, handle = handle) : 
  Peer certificate cannot be authenticated with given CA certificates

In addition: Warning message:
Username parameter is deprecated. Please use ramnathv/slidify

CURLOPT_SSL_VERIFYPEER 를 false로 설정한다. 
이 옵션은 curl이 peer의 certificate이 진짜임을 확인할지 말지를 결정한다. (1은 확인, 0은 확인안함)
http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html

관련 Option은 RCurl에 넘겨줄 필요가 있다.
In RCurl the CURLOPT_ is removed letters are lowercase and the underscore is changed to ..

 

해결방법

library(RCurl)
library(httr)
set_config( config( ssl_verifypeer = 0L ) )

–no-check-certificate

 


onesixx

Blog Owner

Leave a Reply

Your email address will not be published.