I am using Authlogic-Connect for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The dev log shows
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
app/controllers/users_controller.rb:37:in `update'
Please suggest..
I ran into a similar problem when trying to use the JQuery generator for Rails 3
I solved it like this:
Get the CURL Certificate Authority (CA) bundle. You can do this with:
sudo port install curl-ca-bundle [if you are using MacPorts]
or just pull it down directly wget http://curl.haxx.se/ca/cacert.pem
Execute the ruby code that is trying to verify the SSL certification: SSL_CERT_FILE=/opt/local/etc/certs/cacert.pem rails generate jquery:install. In your case, you want to either set this as an environment variable somewhere the server picks it up or add something like ENV['SSL_CERT_FILE'] = /path/to/your/new/cacert.pem in your environment.rb file.
You can also just install the CA files (I haven't tried this) to the OS -- there are lengthy instructions here -- this should work in a similar fashion, but I have not tried this personally.
Basically, the issue you are hitting is that some web service is responding with a certificate signed against a CA that OpenSSL cannot verify.
If you're using RVM on OS X, you probably need to run this:
rvm osx-ssl-certs update all
More information here: http://rvm.io/support/fixing-broken-ssl-certificates
And here is the full explanation: https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md
Update
On Ruby 2.2, you may have to reinstall Ruby from source to fix this. Here's how (replace 2.2.3 with your Ruby version):
rvm reinstall 2.2.3 --disable-binary
Credit to https://stackoverflow.com/a/32363597/4353 and Ian Connor.
Here's how you can fix it on Windows: https://gist.github.com/867550 (created by Fletcher Nichol)
Excerpt:
The Manual Way (Boring)
Download the cacert.pem file from http://curl.haxx.se/ca/cacert.pem. Save this file to C:\RailsInstaller\cacert.pem.
Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE. To set this in your current command prompt session, type:
set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem
To make this a permanent setting, add this in your control panel.
Ruby can't find any root certificates to trust.
Take a look at this blog post for a solution: "Ruby 1.9 and the SSL error".
The solution is to install the curl-ca-bundle port which contains the same root certificates used by Firefox:
sudo port install curl-ca-bundle
and tell your https object to use it:
https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
Note that if you want your code to run on Ubuntu, you need to set the ca_path attribute instead, with the default certificates location /etc/ssl/certs.
The reason that you get this error on OSX is the rvm-installed ruby.
If you run into this issue on OSX you can find a really broad explanation of it in this blog post:
http://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
The short version is that, for some versions of Ruby, RVM downloads pre-compiled binaries, which look for certificates in the wrong location. By forcing RVM to download the source and compile on your own machine, you ensure that the configuration for the certificate location is correct.
The command to do this is:
rvm install 2.2.0 --disable-binary
if you already have the version in question, you can re-install it with:
rvm reinstall 2.2.0 --disable-binary
(obviously, substitute your ruby version as needed).
The issue is that ruby can not find a root certificate to trust. As of 1.9 ruby checks this. You will need to make sure that you have the curl certificate on your system in the form of a pem file. You will also need to make sure that the certificate is in the location that ruby expects it to be. You can get this certificate at...
http://curl.haxx.se/ca/cacert.pem
If your a RVM and OSX user then your certificate file location will vary based on what version of ruby your using. Setting the path explicitly with :ca_path is a BAD idea as your code will not be portable when it gets to production. There for you want to provide ruby with a certificate in the default location(and assume your dev ops guys know what they are doing). You can use dtruss to work out where the system is looking for the certificate file.
In my case the system was looking for the cert file in
/Users/stewart.matheson/.rvm/usr/ssl/cert.pem
however MACOSX system would expect a certificate in
/System/Library/OpenSSL/cert.pem
I copied the downloaded cert to this path and it worked. HTH
The new certified gem is designed to fix this:
https://github.com/stevegraham/certified
Just add gem 'certified' in your gemfile and run bundle install.
gem 'certified'
bundle install
On Mac OS X Lion with the latest macport:
sudo port install curl-ca-bundle
export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt
Then, rerun the failed job.
Note, the cert file location seems to have changed since Eric G answered on May 12.
Here's another option for debugging purposes.
Be sure never to use this in any production environment, as it will negate benefits of using SSL in the first place. It is only ever valid to do this in your local development environment.
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
A one liner fixes it for Windows in an Admin prompt
choco install wget (first see chocolatey.org)
wget http://curl.haxx.se/ca/cacert.pem -O C:\cacert.pem && setx /M SSL_CERT_FILE "C:\cacert.pem"
Or just do this:
gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/
Milanio's method:
gem sources -r https://rubygems.org
gem sources -a http://rubygems.org
gem update --system
gem sources -r http://rubygems.org
gem sources -a https://rubygems.org
gem install [NAME_OF_GEM]
Well this worked for me
rvm pkg install openssl
rvm reinstall 1.9.2 --with-openssl-dir=$rvm_path/usr
Something is wrong with openssl implementation of my ubuntu 12.04
While knowing it's rather a lame solution, I'm still sharing this because it seems like very few people answering here use Windows, and I think some of Windows users (me included) would appreciate a simple and intuitive approach.
require 'openssl'
puts OpenSSL::X509::DEFAULT_CERT_FILE
That tells where your openssl is looking for the cert file. My name is not Luis, but mine was C:/Users/Luis/Code/luislavena/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0l/ssl/cert.pem. The path may be different depending on each own environments (e.g. openknapsack instead of luislavena).
The path didn't change even after set SSL_CERT_FILE=C:\foo\bar\baz\cert.pem via the console, so... I created the directory C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\x86-windows\openssl\1.0.0l\ssl in my local disk and put a cert file into it.
Lame as it is, this will surely work.
I've try install curl-ca-bundle with brew, but the package is no available more:
$ brew install curl-ca-bundle
Error: No available formula for curl-ca-bundle
Searching formulae...
Searching taps...
The solution that worked to me on Mac was:
$ cd /usr/local/etc/openssl/certs/
$ sudo curl -O http://curl.haxx.se/ca/cacert.pem
Add this line in your ~/.bash_profile (or ~/.zshrc for zsh):
export SSL_CERT_FILE=/usr/local/etc/openssl/certs/cacert.pem
Then update your terminal:
$ source ~/.bash_profile
I had this same issue while working on a Ruby project. I am using Windows 7 64bit.
I resolved this by:
Downloading the cacert.pem file from http://curl.haxx.se/ca/cacert.pem.
Saved that file to C:/RubyCertificates/cacert.pem
Then set my environmental variable "SSL_CERT_FILE" to "C:\RubyCertificates\cacert.pem"
source: https://gist.github.com/fnichol/867550
The most straightforward answer which worked for me was this
sudo apt-get install openssl ca-certificates
And voila!!!
OS X 10.8.x with Homebrew:
brew install curl-ca-bundle
brew list curl-ca-bundle
cp /usr/local/Cellar/curl-ca-bundle/1.87/share/ca-bundle.crt /usr/local/etc/openssl/cert.pem
Then, as this blog post suggests,
"How to Cure Net::HTTP’s Risky Default HTTPS Behavior"
you might want to install the always_verify_ssl_certificates gem that allow you to set a default value for ca_file.
This worked for me. If you using rvm and brew:
rvm remove 1.9.3
brew install openssl
rvm install 1.9.3 --with-openssl-dir=`brew --prefix openssl`
I ran into this issue and the suggested fix of rvm osx-ssl-certs update all did not work despite that I am an RVM user on OSX.
The fix that worked for me was re-installing the latest version of openssl:
brew update
brew remove openssl
brew install openssl
I fixed this problem by running this in terminal. Full writeup is available over here
rvm install 2.2.0 --disable-binary
OSX solution:
install latest rvm stable version
rvm get stable
use rvm command to solve the certificates automatically
rvm osx-ssl-certs update all
If you are running your rails app locally then just add this line at the bottom of application.rb.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
After this you can use the app without any issues. You may call it a hack but it is not recommended. Use only when you need to run locally
Here's what I did that helped if you are specifically having a problem on Leopard.
My cert was old and needed to be updated. I downloaded this:
http://curl.haxx.se/ca/cacert.pem
Then replaced my cert which was found here on Leopard:
/usr/share/curl/curl-ca-bundle.crt
Reload whatever you have that's accessing it and you should be good to go!
Just because instructions were a slight bit different for what worked for me, I thought I add my 2 cents:
I'm on OS X Lion and using macports and rvm
I installed curl-ca-bundle:
sudo port install curl-ca-bundle
Then I adjusted my omniauth config to be this:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, APP_CONFIG['CONSUMER_KEY'], APP_CONFIG['CONSUMER_SECRET'],
:scope => 'https://www.google.com/m8/feeds https://www.googleapis.com/auth/userinfo.profile',
:ssl => {:ca_path => "/share/curl/curl-ca-bundle.crt"}
end
If you have a symbolic link in the /usr/local/etc/openssl pointing to cert.pem try to do this:
ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE" (should be /usr/local/etc/openssl)
cd /usr/local/etc/openssl
wget http://curl.haxx.se/ca/cacert.pem
ln -s cacert.pem 77ee3751.0 (77ee3751.0 is my symbolic link, should depend on the openssl version)
What worked for me is a combination of answers, namely:
# Reinstall OpenSSL
brew update
brew remove openssl
brew install openssl
# Download CURL CA bundle
cd /usr/local/etc/openssl/certs
wget http://curl.haxx.se/ca/cacert.pem
/usr/local/opt/openssl/bin/c_rehash
# Reinstall Ruby from source
rvm reinstall 2.2.3 --disable-binary
I had trouble for a number of days and was hacking around. This link proved out to be extremely helpful for me. It helped me to do a successful upgrade of the SSL on MAC OS X 9.
Sometime it's not always rvm's problem
in MAC OSX,if you remove .rvm,the problem still(espcially while you backup data from timemachine) ,you can try this way.
1.brew update
2.brew install openssl
Adding gem 'certified', '~> 1.0' to my Gemfile and running bundle solved this issue for me.
Related
I am using overcommit gem (https://github.com/brigade/overcommit) in my project, when I use Github Desktop for osx I get these errors:
This repository contains hooks installed by Overcommit, but the
overcommit gem is not installed. Install it with gem install
overcommit. (1)
The gem is installed, it works in terminal. I guess it's because I use rvm and Github Desktop doesn't know about rvm. Anybody knows how to fix this?
Ok finally got it to work!
Combined the answer from #michelegera with comment from #rewritten
Step 1:
sudo su -
gem install bundler
gem install overcommit
gem install rubocop
Step 2: added command: ['bundle', 'exec', 'rubocop'] to .overcommit.yml
Thanks for the help!
Most likely it's this line where the error occurs. As you can see the main issue is that it's not able to require 'overcommit'. I don't know the GitHub desktop client so well (maybe there is a way to configure it inside of it), but one thing you could do is adding the absolute path where rvm stores your gems to the "require path" in the hook file. This could look like:
$: << "/home/user/.rvm/path/to/gems/dir"
The disadvantage of this is that you would have your absolute path in the hook file and it most likely won't work for others. You might also want to consider installing the gem globally for the the ruby interpreter that executes the script (see Shebang line in the hook file).
You are right, Github Desktop (or any other GUI) isn’t running in your terminal environment, so it knows nothing about your specific RVM installation.
A simple solution is to install overcommit and any other gems required by your hooks into your system Ruby:
sudo su -
gem install bundler
gem install overcommit
gem install rubocop
...
If you installed Git via Homebrew or other means, you might have to change the Git binary used by your GUI.
For example, in Tower, I selected Homebrew’s version rather than the System’s.
I am using Authlogic-Connect for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The dev log shows
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
app/controllers/users_controller.rb:37:in `update'
Please suggest..
I ran into a similar problem when trying to use the JQuery generator for Rails 3
I solved it like this:
Get the CURL Certificate Authority (CA) bundle. You can do this with:
sudo port install curl-ca-bundle [if you are using MacPorts]
or just pull it down directly wget http://curl.haxx.se/ca/cacert.pem
Execute the ruby code that is trying to verify the SSL certification: SSL_CERT_FILE=/opt/local/etc/certs/cacert.pem rails generate jquery:install. In your case, you want to either set this as an environment variable somewhere the server picks it up or add something like ENV['SSL_CERT_FILE'] = /path/to/your/new/cacert.pem in your environment.rb file.
You can also just install the CA files (I haven't tried this) to the OS -- there are lengthy instructions here -- this should work in a similar fashion, but I have not tried this personally.
Basically, the issue you are hitting is that some web service is responding with a certificate signed against a CA that OpenSSL cannot verify.
If you're using RVM on OS X, you probably need to run this:
rvm osx-ssl-certs update all
More information here: http://rvm.io/support/fixing-broken-ssl-certificates
And here is the full explanation: https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md
Update
On Ruby 2.2, you may have to reinstall Ruby from source to fix this. Here's how (replace 2.2.3 with your Ruby version):
rvm reinstall 2.2.3 --disable-binary
Credit to https://stackoverflow.com/a/32363597/4353 and Ian Connor.
Here's how you can fix it on Windows: https://gist.github.com/867550 (created by Fletcher Nichol)
Excerpt:
The Manual Way (Boring)
Download the cacert.pem file from http://curl.haxx.se/ca/cacert.pem. Save this file to C:\RailsInstaller\cacert.pem.
Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE. To set this in your current command prompt session, type:
set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem
To make this a permanent setting, add this in your control panel.
Ruby can't find any root certificates to trust.
Take a look at this blog post for a solution: "Ruby 1.9 and the SSL error".
The solution is to install the curl-ca-bundle port which contains the same root certificates used by Firefox:
sudo port install curl-ca-bundle
and tell your https object to use it:
https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
Note that if you want your code to run on Ubuntu, you need to set the ca_path attribute instead, with the default certificates location /etc/ssl/certs.
The reason that you get this error on OSX is the rvm-installed ruby.
If you run into this issue on OSX you can find a really broad explanation of it in this blog post:
http://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
The short version is that, for some versions of Ruby, RVM downloads pre-compiled binaries, which look for certificates in the wrong location. By forcing RVM to download the source and compile on your own machine, you ensure that the configuration for the certificate location is correct.
The command to do this is:
rvm install 2.2.0 --disable-binary
if you already have the version in question, you can re-install it with:
rvm reinstall 2.2.0 --disable-binary
(obviously, substitute your ruby version as needed).
The issue is that ruby can not find a root certificate to trust. As of 1.9 ruby checks this. You will need to make sure that you have the curl certificate on your system in the form of a pem file. You will also need to make sure that the certificate is in the location that ruby expects it to be. You can get this certificate at...
http://curl.haxx.se/ca/cacert.pem
If your a RVM and OSX user then your certificate file location will vary based on what version of ruby your using. Setting the path explicitly with :ca_path is a BAD idea as your code will not be portable when it gets to production. There for you want to provide ruby with a certificate in the default location(and assume your dev ops guys know what they are doing). You can use dtruss to work out where the system is looking for the certificate file.
In my case the system was looking for the cert file in
/Users/stewart.matheson/.rvm/usr/ssl/cert.pem
however MACOSX system would expect a certificate in
/System/Library/OpenSSL/cert.pem
I copied the downloaded cert to this path and it worked. HTH
The new certified gem is designed to fix this:
https://github.com/stevegraham/certified
Just add gem 'certified' in your gemfile and run bundle install.
gem 'certified'
bundle install
On Mac OS X Lion with the latest macport:
sudo port install curl-ca-bundle
export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt
Then, rerun the failed job.
Note, the cert file location seems to have changed since Eric G answered on May 12.
Here's another option for debugging purposes.
Be sure never to use this in any production environment, as it will negate benefits of using SSL in the first place. It is only ever valid to do this in your local development environment.
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
A one liner fixes it for Windows in an Admin prompt
choco install wget (first see chocolatey.org)
wget http://curl.haxx.se/ca/cacert.pem -O C:\cacert.pem && setx /M SSL_CERT_FILE "C:\cacert.pem"
Or just do this:
gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/
Milanio's method:
gem sources -r https://rubygems.org
gem sources -a http://rubygems.org
gem update --system
gem sources -r http://rubygems.org
gem sources -a https://rubygems.org
gem install [NAME_OF_GEM]
Well this worked for me
rvm pkg install openssl
rvm reinstall 1.9.2 --with-openssl-dir=$rvm_path/usr
Something is wrong with openssl implementation of my ubuntu 12.04
While knowing it's rather a lame solution, I'm still sharing this because it seems like very few people answering here use Windows, and I think some of Windows users (me included) would appreciate a simple and intuitive approach.
require 'openssl'
puts OpenSSL::X509::DEFAULT_CERT_FILE
That tells where your openssl is looking for the cert file. My name is not Luis, but mine was C:/Users/Luis/Code/luislavena/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0l/ssl/cert.pem. The path may be different depending on each own environments (e.g. openknapsack instead of luislavena).
The path didn't change even after set SSL_CERT_FILE=C:\foo\bar\baz\cert.pem via the console, so... I created the directory C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\x86-windows\openssl\1.0.0l\ssl in my local disk and put a cert file into it.
Lame as it is, this will surely work.
I've try install curl-ca-bundle with brew, but the package is no available more:
$ brew install curl-ca-bundle
Error: No available formula for curl-ca-bundle
Searching formulae...
Searching taps...
The solution that worked to me on Mac was:
$ cd /usr/local/etc/openssl/certs/
$ sudo curl -O http://curl.haxx.se/ca/cacert.pem
Add this line in your ~/.bash_profile (or ~/.zshrc for zsh):
export SSL_CERT_FILE=/usr/local/etc/openssl/certs/cacert.pem
Then update your terminal:
$ source ~/.bash_profile
I had this same issue while working on a Ruby project. I am using Windows 7 64bit.
I resolved this by:
Downloading the cacert.pem file from http://curl.haxx.se/ca/cacert.pem.
Saved that file to C:/RubyCertificates/cacert.pem
Then set my environmental variable "SSL_CERT_FILE" to "C:\RubyCertificates\cacert.pem"
source: https://gist.github.com/fnichol/867550
The most straightforward answer which worked for me was this
sudo apt-get install openssl ca-certificates
And voila!!!
OS X 10.8.x with Homebrew:
brew install curl-ca-bundle
brew list curl-ca-bundle
cp /usr/local/Cellar/curl-ca-bundle/1.87/share/ca-bundle.crt /usr/local/etc/openssl/cert.pem
Then, as this blog post suggests,
"How to Cure Net::HTTP’s Risky Default HTTPS Behavior"
you might want to install the always_verify_ssl_certificates gem that allow you to set a default value for ca_file.
This worked for me. If you using rvm and brew:
rvm remove 1.9.3
brew install openssl
rvm install 1.9.3 --with-openssl-dir=`brew --prefix openssl`
I ran into this issue and the suggested fix of rvm osx-ssl-certs update all did not work despite that I am an RVM user on OSX.
The fix that worked for me was re-installing the latest version of openssl:
brew update
brew remove openssl
brew install openssl
I fixed this problem by running this in terminal. Full writeup is available over here
rvm install 2.2.0 --disable-binary
OSX solution:
install latest rvm stable version
rvm get stable
use rvm command to solve the certificates automatically
rvm osx-ssl-certs update all
If you are running your rails app locally then just add this line at the bottom of application.rb.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
After this you can use the app without any issues. You may call it a hack but it is not recommended. Use only when you need to run locally
Here's what I did that helped if you are specifically having a problem on Leopard.
My cert was old and needed to be updated. I downloaded this:
http://curl.haxx.se/ca/cacert.pem
Then replaced my cert which was found here on Leopard:
/usr/share/curl/curl-ca-bundle.crt
Reload whatever you have that's accessing it and you should be good to go!
Just because instructions were a slight bit different for what worked for me, I thought I add my 2 cents:
I'm on OS X Lion and using macports and rvm
I installed curl-ca-bundle:
sudo port install curl-ca-bundle
Then I adjusted my omniauth config to be this:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, APP_CONFIG['CONSUMER_KEY'], APP_CONFIG['CONSUMER_SECRET'],
:scope => 'https://www.google.com/m8/feeds https://www.googleapis.com/auth/userinfo.profile',
:ssl => {:ca_path => "/share/curl/curl-ca-bundle.crt"}
end
If you have a symbolic link in the /usr/local/etc/openssl pointing to cert.pem try to do this:
ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE" (should be /usr/local/etc/openssl)
cd /usr/local/etc/openssl
wget http://curl.haxx.se/ca/cacert.pem
ln -s cacert.pem 77ee3751.0 (77ee3751.0 is my symbolic link, should depend on the openssl version)
What worked for me is a combination of answers, namely:
# Reinstall OpenSSL
brew update
brew remove openssl
brew install openssl
# Download CURL CA bundle
cd /usr/local/etc/openssl/certs
wget http://curl.haxx.se/ca/cacert.pem
/usr/local/opt/openssl/bin/c_rehash
# Reinstall Ruby from source
rvm reinstall 2.2.3 --disable-binary
I had trouble for a number of days and was hacking around. This link proved out to be extremely helpful for me. It helped me to do a successful upgrade of the SSL on MAC OS X 9.
Sometime it's not always rvm's problem
in MAC OSX,if you remove .rvm,the problem still(espcially while you backup data from timemachine) ,you can try this way.
1.brew update
2.brew install openssl
Adding gem 'certified', '~> 1.0' to my Gemfile and running bundle solved this issue for me.
I am using Authlogic-Connect for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The dev log shows
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
app/controllers/users_controller.rb:37:in `update'
Please suggest..
I ran into a similar problem when trying to use the JQuery generator for Rails 3
I solved it like this:
Get the CURL Certificate Authority (CA) bundle. You can do this with:
sudo port install curl-ca-bundle [if you are using MacPorts]
or just pull it down directly wget http://curl.haxx.se/ca/cacert.pem
Execute the ruby code that is trying to verify the SSL certification: SSL_CERT_FILE=/opt/local/etc/certs/cacert.pem rails generate jquery:install. In your case, you want to either set this as an environment variable somewhere the server picks it up or add something like ENV['SSL_CERT_FILE'] = /path/to/your/new/cacert.pem in your environment.rb file.
You can also just install the CA files (I haven't tried this) to the OS -- there are lengthy instructions here -- this should work in a similar fashion, but I have not tried this personally.
Basically, the issue you are hitting is that some web service is responding with a certificate signed against a CA that OpenSSL cannot verify.
If you're using RVM on OS X, you probably need to run this:
rvm osx-ssl-certs update all
More information here: http://rvm.io/support/fixing-broken-ssl-certificates
And here is the full explanation: https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md
Update
On Ruby 2.2, you may have to reinstall Ruby from source to fix this. Here's how (replace 2.2.3 with your Ruby version):
rvm reinstall 2.2.3 --disable-binary
Credit to https://stackoverflow.com/a/32363597/4353 and Ian Connor.
Here's how you can fix it on Windows: https://gist.github.com/867550 (created by Fletcher Nichol)
Excerpt:
The Manual Way (Boring)
Download the cacert.pem file from http://curl.haxx.se/ca/cacert.pem. Save this file to C:\RailsInstaller\cacert.pem.
Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE. To set this in your current command prompt session, type:
set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem
To make this a permanent setting, add this in your control panel.
Ruby can't find any root certificates to trust.
Take a look at this blog post for a solution: "Ruby 1.9 and the SSL error".
The solution is to install the curl-ca-bundle port which contains the same root certificates used by Firefox:
sudo port install curl-ca-bundle
and tell your https object to use it:
https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
Note that if you want your code to run on Ubuntu, you need to set the ca_path attribute instead, with the default certificates location /etc/ssl/certs.
The reason that you get this error on OSX is the rvm-installed ruby.
If you run into this issue on OSX you can find a really broad explanation of it in this blog post:
http://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
The short version is that, for some versions of Ruby, RVM downloads pre-compiled binaries, which look for certificates in the wrong location. By forcing RVM to download the source and compile on your own machine, you ensure that the configuration for the certificate location is correct.
The command to do this is:
rvm install 2.2.0 --disable-binary
if you already have the version in question, you can re-install it with:
rvm reinstall 2.2.0 --disable-binary
(obviously, substitute your ruby version as needed).
The issue is that ruby can not find a root certificate to trust. As of 1.9 ruby checks this. You will need to make sure that you have the curl certificate on your system in the form of a pem file. You will also need to make sure that the certificate is in the location that ruby expects it to be. You can get this certificate at...
http://curl.haxx.se/ca/cacert.pem
If your a RVM and OSX user then your certificate file location will vary based on what version of ruby your using. Setting the path explicitly with :ca_path is a BAD idea as your code will not be portable when it gets to production. There for you want to provide ruby with a certificate in the default location(and assume your dev ops guys know what they are doing). You can use dtruss to work out where the system is looking for the certificate file.
In my case the system was looking for the cert file in
/Users/stewart.matheson/.rvm/usr/ssl/cert.pem
however MACOSX system would expect a certificate in
/System/Library/OpenSSL/cert.pem
I copied the downloaded cert to this path and it worked. HTH
The new certified gem is designed to fix this:
https://github.com/stevegraham/certified
Just add gem 'certified' in your gemfile and run bundle install.
gem 'certified'
bundle install
On Mac OS X Lion with the latest macport:
sudo port install curl-ca-bundle
export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt
Then, rerun the failed job.
Note, the cert file location seems to have changed since Eric G answered on May 12.
Here's another option for debugging purposes.
Be sure never to use this in any production environment, as it will negate benefits of using SSL in the first place. It is only ever valid to do this in your local development environment.
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
A one liner fixes it for Windows in an Admin prompt
choco install wget (first see chocolatey.org)
wget http://curl.haxx.se/ca/cacert.pem -O C:\cacert.pem && setx /M SSL_CERT_FILE "C:\cacert.pem"
Or just do this:
gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/
Milanio's method:
gem sources -r https://rubygems.org
gem sources -a http://rubygems.org
gem update --system
gem sources -r http://rubygems.org
gem sources -a https://rubygems.org
gem install [NAME_OF_GEM]
Well this worked for me
rvm pkg install openssl
rvm reinstall 1.9.2 --with-openssl-dir=$rvm_path/usr
Something is wrong with openssl implementation of my ubuntu 12.04
While knowing it's rather a lame solution, I'm still sharing this because it seems like very few people answering here use Windows, and I think some of Windows users (me included) would appreciate a simple and intuitive approach.
require 'openssl'
puts OpenSSL::X509::DEFAULT_CERT_FILE
That tells where your openssl is looking for the cert file. My name is not Luis, but mine was C:/Users/Luis/Code/luislavena/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0l/ssl/cert.pem. The path may be different depending on each own environments (e.g. openknapsack instead of luislavena).
The path didn't change even after set SSL_CERT_FILE=C:\foo\bar\baz\cert.pem via the console, so... I created the directory C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\x86-windows\openssl\1.0.0l\ssl in my local disk and put a cert file into it.
Lame as it is, this will surely work.
I've try install curl-ca-bundle with brew, but the package is no available more:
$ brew install curl-ca-bundle
Error: No available formula for curl-ca-bundle
Searching formulae...
Searching taps...
The solution that worked to me on Mac was:
$ cd /usr/local/etc/openssl/certs/
$ sudo curl -O http://curl.haxx.se/ca/cacert.pem
Add this line in your ~/.bash_profile (or ~/.zshrc for zsh):
export SSL_CERT_FILE=/usr/local/etc/openssl/certs/cacert.pem
Then update your terminal:
$ source ~/.bash_profile
I had this same issue while working on a Ruby project. I am using Windows 7 64bit.
I resolved this by:
Downloading the cacert.pem file from http://curl.haxx.se/ca/cacert.pem.
Saved that file to C:/RubyCertificates/cacert.pem
Then set my environmental variable "SSL_CERT_FILE" to "C:\RubyCertificates\cacert.pem"
source: https://gist.github.com/fnichol/867550
The most straightforward answer which worked for me was this
sudo apt-get install openssl ca-certificates
And voila!!!
OS X 10.8.x with Homebrew:
brew install curl-ca-bundle
brew list curl-ca-bundle
cp /usr/local/Cellar/curl-ca-bundle/1.87/share/ca-bundle.crt /usr/local/etc/openssl/cert.pem
Then, as this blog post suggests,
"How to Cure Net::HTTP’s Risky Default HTTPS Behavior"
you might want to install the always_verify_ssl_certificates gem that allow you to set a default value for ca_file.
This worked for me. If you using rvm and brew:
rvm remove 1.9.3
brew install openssl
rvm install 1.9.3 --with-openssl-dir=`brew --prefix openssl`
I ran into this issue and the suggested fix of rvm osx-ssl-certs update all did not work despite that I am an RVM user on OSX.
The fix that worked for me was re-installing the latest version of openssl:
brew update
brew remove openssl
brew install openssl
I fixed this problem by running this in terminal. Full writeup is available over here
rvm install 2.2.0 --disable-binary
OSX solution:
install latest rvm stable version
rvm get stable
use rvm command to solve the certificates automatically
rvm osx-ssl-certs update all
If you are running your rails app locally then just add this line at the bottom of application.rb.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
After this you can use the app without any issues. You may call it a hack but it is not recommended. Use only when you need to run locally
Here's what I did that helped if you are specifically having a problem on Leopard.
My cert was old and needed to be updated. I downloaded this:
http://curl.haxx.se/ca/cacert.pem
Then replaced my cert which was found here on Leopard:
/usr/share/curl/curl-ca-bundle.crt
Reload whatever you have that's accessing it and you should be good to go!
Just because instructions were a slight bit different for what worked for me, I thought I add my 2 cents:
I'm on OS X Lion and using macports and rvm
I installed curl-ca-bundle:
sudo port install curl-ca-bundle
Then I adjusted my omniauth config to be this:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, APP_CONFIG['CONSUMER_KEY'], APP_CONFIG['CONSUMER_SECRET'],
:scope => 'https://www.google.com/m8/feeds https://www.googleapis.com/auth/userinfo.profile',
:ssl => {:ca_path => "/share/curl/curl-ca-bundle.crt"}
end
If you have a symbolic link in the /usr/local/etc/openssl pointing to cert.pem try to do this:
ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE" (should be /usr/local/etc/openssl)
cd /usr/local/etc/openssl
wget http://curl.haxx.se/ca/cacert.pem
ln -s cacert.pem 77ee3751.0 (77ee3751.0 is my symbolic link, should depend on the openssl version)
What worked for me is a combination of answers, namely:
# Reinstall OpenSSL
brew update
brew remove openssl
brew install openssl
# Download CURL CA bundle
cd /usr/local/etc/openssl/certs
wget http://curl.haxx.se/ca/cacert.pem
/usr/local/opt/openssl/bin/c_rehash
# Reinstall Ruby from source
rvm reinstall 2.2.3 --disable-binary
I had trouble for a number of days and was hacking around. This link proved out to be extremely helpful for me. It helped me to do a successful upgrade of the SSL on MAC OS X 9.
Sometime it's not always rvm's problem
in MAC OSX,if you remove .rvm,the problem still(espcially while you backup data from timemachine) ,you can try this way.
1.brew update
2.brew install openssl
Adding gem 'certified', '~> 1.0' to my Gemfile and running bundle solved this issue for me.
I'm coming from Windows to Linux (Ubuntu) so I'm new to the CLI. I had issues trying to install Rails so I figured a fresh install would help. I'm following "Installing Ruby the Correct Way."
I thought I had uninstalled Ruby, but after installing 2.1.4 it still shows some Ruby folders. Have I completely uninstalled Ruby?
Downloading ruby-2.1.4.tar.gz...
-> http://dqw8nmjcqpjn7.cloudfront.net/bf9952cdeb3a0c6a5a27745c9b4c0e5e264e92b669b2b08efb363f5156549204
Installing ruby-2.1.4...
Installed ruby-2.1.4 to /home/richard/.rbenv/versions/2.1.4
richard#richard-ThinkPad-T400:~$ rbenv global 2.1.4
richard#richard-ThinkPad-T400:~$ ruby -v
The program 'ruby' can be found in the following packages:
* ruby
* ruby1.8
Try: sudo apt-get install <selected package>
richard#richard-ThinkPad-T400:~$ sudo rbenv global 2.1.4
richard#richard-ThinkPad-T400:~$ ruby -v
The program 'ruby' can be found in the following packages:
* ruby
* ruby1.8
Try: sudo apt-get install <selected package>
Are the "the following packages" on my local system? or are they online?
EDIT
I've been getting this error when I try to install RVM (and some other applications):
GPG signature verification failed for '/home/richard/.rvm/archives/rvm-1.26.0.tgz' - 'https://github.com/wayneeseguin/rvm/releases/download/1.26.0/1.26.0.tar.gz.asc'!
try downloading the signatures:
gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3
they can be compared with:
https://rvm.io/mpapis.asc
https://keybase.io/mpapis
Does this have anything to do with it? I wouldn't really think so but I'm a noob.
Don't sudo rbenv anything or you will summon Cthulhu. Use rbenv by itself.
Also, don't randomly follow guides on the internet until you're more familiar with your OS; They go stale, or start out wrong, or don't accurately apply to what you're doing. Instead, go to the source and follow the directions there.
To find out what is installed on your machine, use locate to quickly find Ruby instances. Something like:
locate /bin/ruby | grep -v .rbenv
should narrow down whether multiple Rubies are installed outside the ~/.rbenv directory.
Traditionally, you'll find a normally installed system-wide Ruby in /usr/bin/ruby. A user installed one from source will probably be in /usr/local/bin/ruby unless you specifically said otherwise, probably with a PREFIX= directive.
rbenv will default to installing Ruby in the ~/.rbenv hierarchy since it acts like a sandbox manager and will put all Rubies it installs underneath that directory. RVM, a similar application, will use ~/.rvm, and in both cases, the purpose is to keep them where the user's permissions are sufficient to install and update gems without requiring the use of sudo. For general use, avoid sudo unless you understand what you're about to do, as it can turn a computer into an under-desk heater in seconds.
The shell uses the PATH variable to figure out where to look for executable commands. It sounds like your PATH isn't set correctly. If you followed the directions on the rbenv site, they say how to enable rbenv by modifying your ~/.bash_profile script. Doing that, then closing and reopening your shell should bring rbenv to life.
Following that blog post, you are installing Ruby using a tool called rbenv, and if you only uninstalled one Ruby, that doesn't mean that all Rubies are uninstalled.
The message that you posted shows that it is a local install: Installed ruby-2.1.4 to /home/richard/.rbenv/versions/2.1.4 which is a copy of the 4th line of your message.
You can find out from whence your Ruby executable is being invoked by issuing at the command line:
which ruby
You will then know if the program is available and which it is. Using ruby -v if it is there will tell you the version.
You have done some of these steps and are finding out that your system does not know how to get to the Ruby, if it is indeed installed.
Right now, it is effectively uninstalled, as it is unavailable to your environment.
I have setup a gem repo with https. We have internal singed certificates for which i have the singer/trust certificates.
But where to install those pem files i am not sure, hence getting the ssl error when trying to do a gem install
We are using CHEF, hence using the ruby installed as part of chef client install.
Have searched through the net the only aswer people have is a workaround, which is to change from https to http, but i want the gem repo to be setup with HTTPS (port 443)
Below is the error i get
[root#opslx0005 ~]# /opt/chef/embedded/bin/gem install lvm
ERROR: Could not find a valid gem 'lvm' (>= 0) in any repository
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://myself.mydomain.com/artifactory/simple/infra-automation/gem-repo/latest_specs.4.8.gz)
Tried with Ruby remote_fetcher to test
/opt/chef/embedded/bin/ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://myself.mydomain.com/artifactory/simple/infra-automation/gem-repo/latest_specs.4.8.gz")).bytesize'
UPDATE :
Found this online and this is my default pem file, updated the certs here but the error is still not going
/opt/chef/embedded/bin/ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'
/opt/chef/embedded/ssl/cert.pem
Easiest solution is probably to just set the SSL_CERT_FILE environment variable to the CA certificate file. This should be picked up by Ruby's OpenSSL layer automatically.
From here: SSL Error During Gem Installation (on MinGW64-MSys2)
Try downloading the http://curl.haxx.se/ca/cacert.pem certificate. Then, point a special environment variable to it like that: export SSL_CERT_FILE=~/cacert.pem After that, issue an update command: gem update --system The problem should be solved after that. Relaunch the console and continue your work.
I had the same problem, thought it was corporate proxy but I just need to update rubygems.
You might want to download the latest version from https://github.com/rubygems/rubygems/releases/
copy it to ruby gems folder
and then on cmd
C:\>gem install --local C:\rubygems-update-1.8.30.gem
C:\>update_rubygems --no-ri --no-rdoc
Hope that helps!