[Solved] The "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate" Error on Ruby for Windows
When you try to install (or update) a Ruby gem from your Windows command line and get an error like, for example, the following:
```
> gem install compass
ERROR: Could not find a valid gem 'compass' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/latest_specs.4.8.gz)
```
you can (try to) fix it as follows.
This solution will work 100% and is also the fastest. However, switching permanently to an insecure source connection is highly discouraged, since gems are then downloaded over plain HTTP with no server certificate check at all! That being said, here's how to do it:
```
# 1. Add insecure source
> gem sources -a http://rubygems.org/
https://rubygems.org is recommended for security over http://rubygems.org/
Do you want to add this insecure source? [yn] y
http://rubygems.org/ added to sources
# 2. Remove secure source
> gem sources -r https://rubygems.org/
https://rubygems.org/ removed from sources
# 3. Update source cache
> gem sources -u
source cache successfully updated
```
That's it, you're all done. NO MORE SECURE CONNECTION!
1. Navigate to `C:\Ruby200-x64\lib\ruby\2.0.0\rubygems\ssl_certs` _(adjust to fit your install path)_.
2. If there are no such files, download these new<sup>1</sup> trusted root certificates from the RubyGems GitHub site into the folder:
   1. Save [**this file**](https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem) as **`AddTrustExternalCARoot.pem`**<sup>2</sup>.
   2. Save [**this file**](https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/AddTrustExternalCARoot-2048.pem) as **`AddTrustExternalCARoot-2048.pem`**<sup>2, 3</sup>.
3. Now try again to install the gem.
   - `if (true): echo "Congrats, we're done."; exit;`
   - `else: // try Solution #3`
--
1: As of Nov 2014. (Ref)
2: Make sure that the files are actually saved as `.pem` and not as `.pem.txt` files!
3: Required for some versions of OpenSSL. (Ref)
1. Navigate to `C:\Ruby200-x64\lib\ruby\2.0.0\rubygems\ssl_certs` _(adjust to fit your install path)_.
2. Download Mozilla's CA Bundle Certificate **as `ca-bundle.crt`** into the folder, using [**this link**](https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt).
3. Assuming `openssl` is in your `PATH`, from the command line, in the same folder, run: `openssl x509 -in ca-bundle.crt -out MozBundleCA.pem -outform PEM`
4. Now try to install the gem again.
   - `if (true): echo "Congrats, we're done."; exit;`
   - `else: // repeat step 2 and 3 (but with another crt file)`
     1. Download Mozilla's **deprecated** CA Bundle Certificate (w/ RSA-1024 support) **as `ca-bundle-1024.crt`** into the folder, using [**this link**](https://github.com/bagder/ca-bundle/blob/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09/ca-bundle.crt).
     2. Back on the command line, run: `openssl x509 -in ca-bundle-1024.crt -out MozBundleCA.rsa1024.pem -outform PEM`
     - Now try again to install the gem.
       - `if (true): echo "Congrats, we're done."; exit;`
       - `else: // try Solution #5`
1. Navigate to `C:\Ruby200-x64\lib\ruby\2.0.0\rubygems\ssl_certs` _(adjust to fit your install path)_.
2. If there is no such file, download DigiCert's High Assurance EV Root CA trust certificate from the RubyGems GitHub site **as `DigiCertHighAssuranceEVRootCA.pem`** into the folder, using [**this link**](https://raw.githubusercontent.com/rubygems/rubygems/0b5185e5ab9378edbeecba03bd9c93978c937e41/lib/rubygems/ssl_certs/DigiCertHighAssuranceEVRootCA.pem).
3. Download Mozilla's converted CA Certificate **as `cacert.pem`** from the cURL project website to the folder, using [**this link**](http://curl.haxx.se/ca/cacert.pem).
4. Download startssl.com's CA Bundle Certificate **as `ca-bundle-startssl.pem`** from their website to the folder, using [**this link**](https://www.startssl.com/certs/ca-bundle.pem).
5. Now try again to install the gem.
   - `if (true): echo "Congrats, we're done."; exit;`
   - `else: // go drink a beer!`
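
Every `.pem` file dropped into `ssl_certs` by the steps above is trusted by RubyGems as a root, so it is worth inspecting each download before using it. The Ruby script below is an added example, not part of the original guide or of RubyGems: it lists every certificate in a PEM file with its SHA-256 fingerprint and flags files with no certificate, expired or non-root certificates, and RSA keys under 2048 bits; the function names and the 2048-bit threshold are assumptions of this example.

```ruby
require "openssl"
require "digest"

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Describe every certificate in a PEM file. The text is split into blocks first
# because Certificate.new, like `openssl x509 -in`, reads only the first one.
def describe_bundle(pem_text, now: Time.now)
  pem_text.scan(PEM_CERT).map do |block|
    cert = OpenSSL::X509::Certificate.new(block)
    key  = cert.public_key
    { subject:     cert.subject.to_s,
      sha256:      Digest::SHA256.hexdigest(cert.to_der), # compare with the CA's published value
      rsa_bits:    key.is_a?(OpenSSL::PKey::RSA) ? key.n.num_bits : nil,
      expired:     cert.not_after < now,
      self_signed: cert.subject.to_s == cert.issuer.to_s && cert.verify(key) }
  end
end

# Reasons to stop before copying the file into ssl_certs (empty = nothing flagged).
def findings(pem_text, now: Time.now)
  certs = describe_bundle(pem_text, now: now)
  return ["no PEM certificate found (HTML page or wrong file type?)"] if certs.empty?
  certs.flat_map do |c|
    issues = []
    issues << "#{c[:subject]}: expired" if c[:expired]
    issues << "#{c[:subject]}: not self-signed (not a root)" unless c[:self_signed]
    issues << "#{c[:subject]}: RSA key under 2048 bits" if c[:rsa_bits] && c[:rsa_bits] < 2048
    issues
  end
end

# Constructed sample input: a throwaway self-signed certificate, not a real CA.
def constructed_root(cn, bits:, not_after:)
  key  = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial  = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after  = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME # usage: ruby check_certs.rb <downloaded .pem files>
  ARGV.each { |path| puts path, describe_bundle(File.read(path)).map { |c| c.values_at(:sha256, :subject).join("  ") }, findings(File.read(path)) }
end
```

Run it against the downloaded files before retrying `gem install`; a file that reports zero certificates is usually an HTML page or a `.pem.txt` save rather than a certificate.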
- Rubygems Help Forum (help.rubygems.org)
- Rubygems Bugtracker, Issue #704 (github.com)
- Rubygems Bugtracker, Issue #1050 (github.com)
- Rubygems Command Reference (guides.rubygems.org)
- Rubygems Commit/Patch #1 (github.com)
- Rubygems Commit/Patch #2 (github.com)
- Rubygems Commit/Patch #3 (github.com)
- Solution #2 (github.com)
- Solution #4 (github.com)
- "Automatically converted CA Certs from mozilla.org" (curl.haxx.se)
- "Gradually Sunsetting SHA-1" (blog.chromium.org)
- "Workaround RubyGems' SSL errors on Ruby for Windows" (gist.github.com), by @luislavena
A copy of this guide (guides.rubygems.org)!?