Config MSYS2 Fortran environment running via Proxy and CA root certification on Windows


Most IT companies today distribute computers that connect to VPC virtual computers through a proxy port and have internal CA certification installed.
If you only install it on your personal computer, skip this article.

When installing the msys2 system and updating packages using the pacman -Syu command,
you may get some errors of not being able to connect to repo.msys2.org ,
or SSL_ERROR_SYSCALL error.
Possible causes are stated on the MSYS2 homepage in the answer to the FAQ question below:

You can get the CA certificate file from the company, or follow the instructions in the following answer on stackoverflow:

https://stackoverflow.com/questions/69348953/certificate-error-when-trying-to-install-msys2-packages-on-windows-server/70398349#70398349

You now have a .crt file containing the CA certification.
Let’s start to import into MSYS2:

  • Open MSYS2 shell
  • Copy file .crt/.pem to msys64/etc/pki/ca-trust/source/anchors
  • Access to anchors folder :
    cd msys64/etc/pki/ca-trust/source/anchors
  • If you have file .pem then need to extract to .crt file to anchors folder :
    update-ca-trust extract
  • If ready have openssl installed in PC, we can check .crt file is acceptable or not :
    openssl verify ZScalar.crt
    OutPut :
    ZScalar.crt: OK

  • Update CA certification to MSYS2 setting :
    update-ca-trust  (không có output )
  • Check the Issuer of CA certification :
    openssl x509 -in ZScalar.crt -noout -text |grep -i "issue"
    OutPut : (here we have
    Issuer: CN=some_issuer_in_US
    Check .crt file ready import to MSYS2 by comparing the upper Issuer with the issuer of ca-bundle.crt in the directory C:\msys64\usr\ssl\certs\ . Run under command :
    grep -i "something_strings" C:\msys64\usr\ssl\certs/ca-bundle.crt

    If output is some_issuer_in_US then CA is ready imported in MSYS2
  • Check the connection to server MSYS :
    curl --fail --silent --show-error -I https://repo.msys2.org
  • If you still can’t connect, you probably connected to the internet through a company proxy. You received the proxy address along with the port when setting up your company’s computer or VPC. Add the following line to the bottom of the file C:/msys64/etc/profile . There are instructions to create a new file profile.sh in the C:\msys64\etc\profile.d\ but it will not actually run.

    #Proxy Setting
    export HTTP_PROXY="IpAddress:Port" # Like: 127.0.0.1:1477
    export HTTPS_PROXY=$HTTP_PROXY
    export http_proxy=$HTTP_PROXY
    export https_proxy=$HTTP_PROXY

  • Update MSYS2 :
    pacman -Syu
    pacman -Su

  • Well done !!!


Leave a Reply

Your email address will not be published. Required fields are marked *