OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Question

I used RVM to install Ruby 1.9.3 on Ubuntu 12.04 by doing

rvm pkg install openssl
rvm install 1.9.3 --with-openssl-dir=$rvm_path/usr

And then when I try to run something along the lines of:

require 'open-uri'
open('https://www.google.com/')

I get the error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

How do I solve this? I have many similar threads where people have this problem in OSX, but how do I resolve it in Ubuntu?

Thanks for your help.

Answer 1

That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.

In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:

export SSL_CERT_FILE=/etc/pki/tls/cert.pem

That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.

To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.

Answer 2

Add the 'certified' gem to your Gemfile.

More info: https://rubygems.org/gems/certified