Ruby-on-rails – How to solve “certificate verify failed” on Windows

ruby-on-railsssl

I am trying to use signet for OAuth to Google services. And get this error:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Following these questions:

Seems the solution is either to fix ca_path or to ~~set VERIFY_NONE for SSL~~.

The ca_path fix posted only works on Linux (port install) and the fix for VERIFY_NONE seems to be for faraday.

Is there a solution for Windows/signet gem?

Best Answer

Actually the best way I found to solve this in windows for Ruby itself, not just one gem, is to do the following:

Download https://curl.haxx.se/ca/cacert.pem into c:\railsinstaller\cacert.pem. Make sure you save it as a .pem file, rather than a text file.
Go to your Computer -> Advanced Settings -> Environment Variables
Create a new System Variable:

Variable: SSL_CERT_FILE Value: C:\RailsInstaller\cacert.pem
Close all your command prompts, including your Rails server command prompt, etc.

Start a new ruby irb prompt, and try the following:

$irb>require 'open-uri'
$irb>open('https://www.gmail.com')

It should all work now just fine.

Related Solutions

Git – SSL certificate rejected trying to access GitHub over HTTPS behind firewall

The problem is that you do not have any of Certification Authority certificates installed on your system. And these certs cannot be installed with cygwin's setup.exe.

Update: Install Net/ca-certificates package in cygwin (thanks dirkjot)

There are two solutions:

Actually install root certificates. Curl guys extracted for you certificates from Mozilla.

cacert.pem file is what you are looking for. This file contains > 250 CA certs (don't know how to trust this number of ppl). You need to download this file, split it to individual certificates put them to /usr/ssl/certs (your CApath) and index them.

Here is how to do it. With cygwin setup.exe install curl and openssl packages execute:
```
$ cd /usr/ssl/certs
$ curl http://curl.haxx.se/ca/cacert.pem |
  awk '{print > "cert" (1+n) ".pem"} /-----END CERTIFICATE-----/ {n++}'
$ c_rehash
```
Important: In order to use c_rehash you have to install openssl-perl too.
Ignore SSL certificate verification.

WARNING: Disabling SSL certificate verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack. Be sure you fully understand the security issues and your threat model before using this as a solution.
```
$ env GIT_SSL_NO_VERIFY=true git clone https://github...
```

Ruby-on-rails – How to get rid of OpenSSL::SSL::SSLError

Ruby cannot find any root certificates. Here is an option for debugging purposes. Put following code at the begining of your script:

   require 'openssl'
   OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

Best Answer

Related Solutions

Git – SSL certificate rejected trying to access GitHub over HTTPS behind firewall

Ruby-on-rails – How to get rid of OpenSSL::SSL::SSLError

Related Topic