I am trying to run the gem
command to install/update some gems, but due to some network restrictions in this area, I get this error:
ERROR: While executing gem ... (OpenSSL::SSL::SSLError) SSL_connect returned=6 errno=0 state=SSLv3 read finished A
(I think) this is mainly because of tampering with the SSL certificates.
Is there anyway to tell gem
not to use SSL
, to avoid the error?
The gem command allows you to interact with RubyGems. Ruby 1.9 and newer ships with RubyGems built-in but you may need to upgrade for bug fixes or new features.
The Ruby OpenSSL error certificate verify failed means your code can't verify that the SSL certificate of the website or API you're connecting to is the real one. It's important to solve this issue correctly to keep your communication secure.
To know if the certificate for RubyGems.org is correct, your computer consults another certificate from a Certificate Authority (CA). The CA certificate bundle includes certificates from every company that provides SSL certificates for servers, like Verisign, Globalsign, and many others.
This meant the “root” certificate that needed to verify connections changed. So even if you’d previously upgraded RubyGems/Bundler in order to fix the SSL problem, you would need to upgrade again—this time to an even newer version with even newer certificates. Start by running the automatic SSL check, and follow the instructions.
As a result, security best practices suggest actively blocking all versions of SSL, as well as TLS versions 1.0 and 1.1. RubyGems.org uses a 3rd party CDN provider called Fastly, which lets users all around the world download gems really quickly.
Openssl command is a very powerful command to check certificate info in Linux. We can use the flowing command to check the SSL certificate. openssl s_client -servername <NAME> -connect <HOST:PORT> 2>/dev/null | openssl x509 -noout -text
Use HTTP instead of HTTPS if you are unable to solve the certs issue:
$ gem install rails --source http://rubygems.org
To avoid repeating this every time, either edit your ~/.gemrc
or edit the file through the command line, like this:
$ gem sources --add http://rubygems.org $ gem sources --remove https://rubygems.org $ gem sources --list *** CURRENT SOURCES *** http://rubygems.org
Also, en every Gemfile
you will need to change the first line from:
source 'https://rubygems.org'
To:
source 'http://rubygems.org'
Of course it would be much better if you manage to solve the certs
issue as @p11y suggested on his comment.
The accepted answer didn't work for me. The following, however, did.
Edit .gemrc file
Specifically %HOMEPATH% in the event your path is different.
- Thanks goes out to @AaronChristiansen for pointing this out.
add:
:ssl_verify_mode: 0
It displayed the SSL errors but the install was successful.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With