The pip client may encounter the following error when running pip install <package> against JFrog Artifactory:
ERROR: Could not find a version that satisfies the requirement <packagename> (from versions: none)
ERROR: No matching distribution found for <package>
InsecureRequestWarning: An unverified HTTPS request is being made to the host 'abc.com'. It is strongly recommended to add certificate verification. Please refer to https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings for more information.
This error typically occurs when the server presents an invalid or untrusted certificate to the client. Common reasons for this issue include certificate expiration, certificates not issued for the current domain, certificates not signed by a trusted certificate authority, misconfigurations, and more.
After encountering this error, we advise you to internally verify the SSL/TLS certificate with your certificate provider. You can obtain the certificate by executing the following command:
openssl s_client -connect <artifactoryurl>:443 -showcerts < /dev/null > artifactory.crt
Examine the downloaded certificate for any specific errors, such as "SSL handshake has read xxxx bytes and written xxxx bytes, Verification error: unable to verify the first certificate." These errors indicate a misconfigured certificate and a failed SSL handshake.
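One way to run this check over the saved file, as an added example that is not part of the original article or of JFrog's tooling: the Python function below reads the text written by the openssl s_client command above and reports the presented chain and the verify result. The sample output, the host and CA names, and the wording of the hints are constructed for illustration.

```python
import re

# Hints keyed by OpenSSL verify return code; the wording is this example's own.
HINTS = {
    0: "chain verified against the local trust store",
    10: "certificate has expired; renew it on the server",
    18: "self-signed leaf; pip can only trust it via --cert",
    19: "private root CA in the chain; pass that CA bundle via --cert",
    20: "issuer not in the local trust store; pass the CA bundle via --cert",
    21: "leaf issuer not found: server omits its intermediate, or the CA is private",
}

# " 0 s:<subject>" followed by "   i:<issuer>" in the "Certificate chain" section.
CHAIN_RE = re.compile(r"^\s*(\d+) s:(.*)\n\s+i:(.*)$", re.M)
CODE_RE = re.compile(r"Verify return code: (\d+) \((.*?)\)")

# Constructed sample of saved s_client output (not a real server or certificate).
SAMPLE = """CONNECTED(00000003)
---
Certificate chain
 0 s:CN = artifactory.example.internal
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
---
SSL handshake has read 1500 bytes and written 400 bytes
Verification error: unable to verify the first certificate
---
    Verify return code: 21 (unable to verify the first certificate)
"""

def diagnose(s_client_output):
    """Summarise the chain and verify result from saved s_client output."""
    chain = [{"depth": int(d), "subject": s.strip(), "issuer": i.strip()}
             for d, s, i in CHAIN_RE.findall(s_client_output)]
    m = CODE_RE.search(s_client_output)
    code = int(m.group(1)) if m else None
    return {
        "chain": chain,
        "code": code,
        "reason": m.group(2) if m else None,
        "self_signed_leaf": bool(chain) and chain[0]["subject"] == chain[0]["issuer"],
        "hint": HINTS.get(code, "no verify result found; inspect the file manually"),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

To use it on a real capture, pass the contents of artifactory.crt to diagnose() instead of SAMPLE.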
If the certificate is valid but not trusted by the Pip client, you can include the certificate during the pip install process.
pip install <package_name> --cert /path/to/artifactory.crt
Workaround:
As a workaround, you can bypass SSL/TLS certificate validation in the pip client by passing the --trusted-host flag during installation.
pip install <package-name> --trusted-host <internalIP>/<hostname>
Note: Make sure to have the pip client and Artifactory in the same network while using the Internal IP.