I am trying to find an answer to some simple questions.
gem
as well)

Background
I am using a Mac (Sierra currently), and rbenv/ruby-build for installing rubies. We have set up an internal rubygems repository using Sonatype Nexus. The server's certificate is signed by the company's internal root certificate, which I have a copy of.
As soon as I tried to add our repository as a source
gem sources --add https://our.repository.com/bla/bla
it barfed about the certificate's root not being trusted. This is the same issue I encounter when trying to pull from the repository (as a proxy) and would be an issue for any other teams using our gems. I need a good solution to advise my team and others.
Obviously, I am able to use it if I set the environment variable SSL_CERT_FILE=/path/to/root_cert.pem. But I would prefer to place the cert file in a trusted location and let it work transparently as I would for Java trust stores.
From some investigation and experimentation I've realised the following notes. (I recommend doing a brew info openssl for this info):
Take a look at the interesting part of output from homebrew regarding openssl:
$ brew info openssl
...
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.
...
So all I had to do was the following, and all my SSL issues went away for Ruby:
cp /path/to/my/root_certificate.pem /usr/local/etc/openssl/certs
/usr/local/opt/openssl/bin/c_rehash
Hope that helps others
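
The following is an added example, not part of the original post: it shows why the `c_rehash` step matters, by verifying a certificate against a cert directory before and after the root is linked under its subject-hash name. The CA, the server certificate and the helper names (`make_cert`, `rehash`, `trusted?`, `demo`) are constructed for illustration, and a temporary directory stands in for /usr/local/etc/openssl/certs.

```ruby
require "openssl"
require "tmpdir"

# Constructed sample data: a throwaway certificate, self-signed unless an issuer is given.
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# What c_rehash does for one file: link it as "<subject hash>.0",
# the only name OpenSSL looks up in a certificate directory.
def rehash(dir, pem_name)
  cert = OpenSSL::X509::Certificate.new(File.read(File.join(dir, pem_name)))
  link = format("%08x.0", cert.subject.hash)
  File.symlink(pem_name, File.join(dir, link))
  link
end

# Verify a certificate using only the given directory as the trust source.
def trusted?(cert, cert_dir)
  store = OpenSSL::X509::Store.new
  store.add_path(cert_dir)
  store.verify(cert)
end

def demo
  root_key = OpenSSL::PKey::RSA.new(2048)
  root = make_cert("/CN=Constructed Internal Root", root_key, ca: true)
  leaf = make_cert("/CN=our.repository.com", OpenSSL::PKey::RSA.new(2048),
                   issuer_cert: root, issuer_key: root_key)
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "root_certificate.pem"), root.to_pem)
    before = trusted?(leaf, dir) # .pem copied, but not yet rehashed
    link = rehash(dir, "root_certificate.pem")
    { before: before, after: trusted?(leaf, dir), link: link }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

To see which file and directory a given Ruby build consults by default, print `OpenSSL::X509::DEFAULT_CERT_FILE` and `OpenSSL::X509::DEFAULT_CERT_DIR`.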