Cannot run git nor brew: 'SSL: can't load CA certificate file ~/Documents/Certificates.pem'
Hello All,
0. Firstly, I am not very Unix savvy. For instance, I don't know what the purpose of certificates are, and I don't know if this is the right forum for this question.
1. The problem: I can't use homebrew or use git. Running git pull, for instance, gives the following error:
Code:
fatal: unable to access 'https://icaswell@bitbucket.org/binarycalculus/cs-221-project.git/': SSL: can't load CA certificate file ~/Documents/Certificates.pem
Also, if I try to install brew, it claims to be installed, but if I then run
. Although after a failed git pull, it will try to install brew and then eventually crash with the same message about Certificates.pem. (A sample session with these errors is included in the appendix of this question.)
2. some things I know about the problem:
a. The problem first occurred when I upgraded to Yosemite from Maverics on my macbook pro non-retina (3 months old) a few months ago. After migrating my data (but NOT my applications, as they were causing Migration Assistant to crash) to a brand new Macbook pro retina, the problem persists.
b. It is entirely likely that I modified some important file (like .profile) in a destructive way some time in the past, while trying to install something beyond my knowledge. I suspect that something like this is the culprit.
c. "~/Documents/Certificates.pem" isn't found in google search, so I suspect already that there is something fishy with this.
d. There appears to expired certificate in Certificates.pem
e. Macports, Octave and TexWorks might have been involved in Migration Assistant crashing, and which may or may not be a related problem.
3. Appendix:
a. An example session showing errors:
Code:
Last login: Sun Dec 28 20:43:37 on ttys000
Isaacs-MBP:~ trogmentdean$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
It appears Homebrew is already installed. If your intent is to reinstall you
should do the following before running this installer again:
rm -rf /usr/local/Cellar /usr/local/.git && brew cleanup
Isaacs-MBP:~ trogmentdean$
Isaacs-MBP:~ trogmentdean$ rm -rf /usr/local/Cellar /usr/local/.git && brew cleanup
-bash: brew: command not found
Isaacs-MBP:~ trogmentdean$ cd scripts/cs224w/project/cs-221-project/
Isaacs-MBP:cs-221-project trogmentdean$ git pull
fatal: unable to access 'https://icaswell@bitbucket.org/binarycalculus/cs-221-project.git/': SSL: can't load CA certificate file ~/Documents/Certificates.pem
Isaacs-MBP:cs-221-project trogmentdean$
Isaacs-MBP:cs-221-project trogmentdean$
Isaacs-MBP:cs-221-project trogmentdean$
Isaacs-MBP:cs-221-project trogmentdean$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
==> This script will install:
/usr/local/bin/brew
/usr/local/Library/...
/usr/local/share/man/man1/brew.1
Press RETURN to continue or any other key to abort
==> /usr/bin/sudo /bin/chmod g+rwx /Library/Caches/Homebrew
Password:
==> Downloading and installing Homebrew...
fatal: unable to access 'https://github.com/Homebrew/homebrew/': SSL: can't load CA certificate file ~/Documents/Certificates.pem
Failed during: git fetch origin master:refs/remotes/origin/master -n
Isaacs-MBP:cs-221-project trogmentdean$
Isaacs-MBP:cs-221-project trogmentdean$
Isaacs-MBP:cs-221-project trogmentdean$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
It appears Homebrew is already installed. If your intent is to reinstall you
should do the following before running this installer again:
rm -rf /usr/local/Cellar /usr/local/.git && brew cleanup
Isaacs-MBP:cs-221-project trogmentdean$
b. my .profile file:
Code:
# MacPorts Installer addition on 2012-05-10_at_22:09:10: adding an appropriate PATH variable for use with MacPorts.
# before meddling: export PATH=/opt/local/bin:/opt/local/sbin$PATH
export PATH=/Users/trogmentdean/Documents/:/opt/local/bin:/opt/local/sbin:/usr/local/sbin/:/usr/local/bin$PATH
# Finished adapting your PATH environment variable for use with MacPorts.
# MacPorts Installer addition on 2012-05-10_at_22:09:10: adding an appropriate MANPATH variable for use with MacPorts.
export MANPATH=/opt/local/share/man:$MANPATH
# Finished adapting your MANPATH environment variable for use with MacPorts.
PYTHONPATH="${PYTHONPATH}:/Users/trogmentdean/libs"
export PYTHONPATH
##
# Your previous /Users/Isaac 1/.profile file was backed up as /Users/Isaac 1/.profile.macports-saved_2014-10-14_at_04:32:20
##
# MacPorts Installer addition on 2014-10-14_at_04:32:20: adding an appropriate PATH variable for use with MacPorts.
export PATH="/opt/local/bin:/opt/local/sbin:$PATH"
# Finished adapting your PATH environment variable for use with MacPorts.
For instance, I don't know what the purpose of certificates are
This hasn't got anything to do with UNIX. A certificate is an authentication mechanism, like a key for a certain lock. If you are in posssession of the key you can open the lock, otherwise it stays locked.
Quote:
Originally Posted by isaac_caswell
Code:
fatal: unable to access 'https://icaswell@bitbucket.org/binarycalculus/cs-221-project.git/': SSL: can't load CA certificate file ~/Documents/Certificates.pem
This should be obvious enough: You tried to contact the given URL. The browser software tried to load a requested certificate from a file (with stored certificates) located in "~/Documents/Certificates.pem" This file is named "Certificates.pem" and located in your HOME directory (this is what "~" means), in a directory called "Documents". Alas, this files seems not to exist, the browser process has insufficient privileges to access it or something else prevents the process from poperly reading it.
Quote:
Originally Posted by isaac_caswell
Also, if I try to install brew, it claims to be installed, but [...] it complains that
Code:
brew: command not found
.
A program might be installed but to call it without a path ("command" instead of "/path/to/command") the path it resides in has to be included in the variable PATH. Do the following:
1) find out where the executable "brew" is:
Code:
find / -type f -name "brew" -print
This will take several minutes because it searches all your mounted filesystems. There are better ways to find it, but they are more complicated to explain, this is the "brute-force method" but guaranteed to work.
2) you get eventually an output of "/some/path/to/brew". This path has to be included into your PATH variable. Do an:
Code:
echo $PATH
and you will see a list of such pathes, separated by colon characters, similar to this:
Now you can issue the command "brew" without having to specify the whole path to it. Note that this will last for only this session because the change to the PATH variable will not be permanent. For this you will have to edit your startup files ("~/.profile" or some rc-file, depending on the shell you use).
There remains however the fundamental problem: Why isn't it finding Certificates.pem? A file by this name does indeed exist in ~/Documents/.
You write the possible reasons are "the browser process has insufficient privileges to access it or something else prevents the process from poperly reading it"--how might I go about finding this?
Furthermore,
Code:
sudo find / -type f -name "brew" -print
has been running for about half an hour now--is that normal?:
Code:
$ sudo find / -type f -name "brew" -print
Password:
find: /dev/fd/3: Not a directory
find: /dev/fd/4: Not a directory
[cursor]
Hello!
I had a cron job running on my website, activating a php script every friday. The Php script just activated another photo to add in the gallery. It worked fine until I got an SSL certificate for my website, then everything broke.
This was the command before:
lynx -source... (0 Replies)
Hey everyone, I'm trying to get a lay of the land for OS and Application Certificate Stores. Can someone confirm that I have this concept right?
If the application you're using say Firefox has it's own trusted CA store, it uses that exclusively. So if you're running firefox in Windows, Firefox... (4 Replies)
Hi everyone,
I am working on a Nginx + Apache installation for learning purposes, and just got to the point of installing a self-signed certificate for securing some pages that will be used to send "sensitive" information such as login credentials. So far so good.
What a I want to know is how can... (2 Replies)
we are doing TCP for our systems. I have a working SSL certificate on prodction webserver. Im planning to export it to our DR server for TCP purposes. However when I export based on the procedure below, it doesn't work. When I restart the DR webserver, it still says the certifcate is expired.Any... (1 Reply)
Hi guys.
I have some questions about ssl certificates.
I looked at SSL providers and saw that they are providing 2 types of certificates: per server or per domain.
my server host name is: srv1.example.com
I have a smtp, imap, web server on this box. but all services accessed by different... (1 Reply)
Can someone guide me as to how SSL certificates are created for a new AIX box? I am a novice to system administration.
Thanks in advance
Gayathri (1 Reply)
Hello all :b:
I need a little advice on securing my VSFTPD server. I currently have it setup and working using a self signed certificate by following instructions on the net and im happy with it to a certain extent.
One of my clients is not... He said he cannot connect to the server unless... (1 Reply)
Does anyone know how to extract the expiration date of a Solaris 9 certificate? I have searched over the 'net and it seems this command ssl-cert-check comes up often but this does not work on my servers. Not sure how to extraxt the expiration dates of the SSL Certs so if anyone can help that would... (2 Replies)
Hello,
I am new in UNIX, and some one asks me to install SSL certificates to allow exchange with an external system.
Can someone tell how to install certificate (ex : verisignxxx.cer) on a UNIX server?
Many thanks.
Tibo (4 Replies)
Dear All
Anyone know how to issue two different certification on apache virtualhost fyi i have one virtualhost eg 69.192.1.25:443 already signed with verisign how can i configure another virtualhost 69.192.1.25:443 which signing with another certificate which self signing. i search net not... (1 Reply)
