Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I used RVM to install Ruby 1.9.3 on Ubuntu 12.04 by doing

rvm pkg install openssl
rvm install 1.9.3 --with-openssl-dir=$rvm_path/usr

And then when I try to run something along the lines of:

require 'open-uri'
open('https://www.google.com/')

I get the error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

How do I solve this? I have many similar threads where people have this problem in OSX, but how do I resolve it in Ubuntu?

Thanks for your help.

like image 924
aren55555 Avatar asked May 23 '12 21:05

aren55555


People also ask

What is OpenSSL verification error?

Summary. The Ruby OpenSSL error certificate verify failed means your code can't verify that the SSL certificate of the website or API you're connecting to is the real one. It's important to solve this issue correctly to keep your communication secure.


2 Answers

That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.

In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:

export SSL_CERT_FILE=/etc/pki/tls/cert.pem

That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.

To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.

like image 81
emboss Avatar answered Oct 26 '22 15:10

emboss


Add the 'certified' gem to your Gemfile.

More info: https://rubygems.org/gems/certified

like image 35
Meekohi Avatar answered Oct 26 '22 16:10

Meekohi