I am trying to post to a web service from my app and I am getting the following error frequently.
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
I send post request with the crt file issued by compassplus and key file generated by myself.
def payment
@booking = 12
uri = URI("https://test.compassplus.com:8444/Exec")
xml = Builder::XmlMarkup.new
xml.instruct! :xml, :version => '1.0'
xml.TKKPG {
xml.Request {
xml.Operation("CreateOrder")
xml.language("EN")
xml.Order {
xml.OrderType("Purchase")
xml.Merchant("123456")
xml.Amount("10000")
xml.Currency("840")
xml.Description("Tour Purchase")
xml.ApproveURL("/thankyou.html")
xml.CancelURL("/error.html")
xml.DeclineURL("/declined.html")
xml.email("")
xml.phone("")
xml.AddParams {
xml.FADATA("")
xml.SenderPostalCode("")
xml.AcctType("")
xml.TranAddendums("")
xml.TranAdddendumsVISA("")
xml.TranAdddendumsMC("")
xml.TranAdddendumsAMEX("")
xml.TranAdddendumsJCB("")
xml.OrderExpirationPeriod("")
xml.OrigAmount("")
xml.OrigCurrency("")
}
}
}
}
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1_2
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_file = File.read(File.join(Rails.root, "/crt/gvtrek.com.pem"))
@request = http.post(uri, xml)
end
I am getting SSL error when I send post request from localhost and timeout when I send it from production. I couldn't figure out the problem. Help me to get it fix. I am working on macOS Mojave.
The Ruby OpenSSL error certificate verify failed means your code can't verify that the SSL certificate of the website or API you're connecting to is the real one. It's important to solve this issue correctly to keep your communication secure.
The main goal of a CA is to verify the authenticity and trustworthiness of a website, domain and organization so users know exactly who they're communicating with online and whether that entity can be trusted with their data.
An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser.
After lots of testing, I found the correct solution. The problem was with the cert file declaration.
I tried sending the post request using the bundled cert files (example.com.pem)
http.ca_file = File.read(File.join(Rails.root, "/crt/example.com.pem"))
So, I changed the above declaration with the each crt and key files
http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'}).
It now worked.
Complete code
uri = URI("https://test.compassplus.com:8444/Exec")
xml = "
<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language></Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>99999</Merchant>
<Amount>10000</Amount>
<Currency>524</Currency>
<Description>Tour Purchase</Description>
<ApproveURL>/approve.html</ApproveURL>
<CancelURL>/cancel.html</CancelURL>
<DeclineURL></DeclineURL>
<email></email>
<phone></phone>
<AddParams>
<FA-DATA></FA-DATA>
<SenderPostalCode></SenderPostalCode>
<AcctType></AcctType>
<TranAddendums></TranAddendums>
<TranAddendumsVISA></TranAddendumsVISA>
<TranAddendumsMC></TranAddendumsMC>
<TranAddendumsAMEX></TranAddendumsAMEX>
<TranAddendumsJCB></TranAddendumsJCB>
<OrderExpirationPeriod></OrderExpirationPeriod>
<OrigAmount></OrigAmount>
<OrigCurrency></OrigCurrency>
</AddParams>
<Fee></Fee>
</Order>
</Request>
</TKKPG>
"
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1_2
http.cert = OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/crt/example.com.crt")))
http.key = OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/crt/example.com.key")))
req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/xml'})
@res = http.request(req, xml)
Reference.
HTTP library for Ruby with HTTPS, SSL Client Certificate and Keep-Alive support?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With