Skip to content

Instantly share code, notes, and snippets.

Created July 29, 2015 02:26
Show Gist options
  • Save eyecatchup/20a494dff3094059d71d to your computer and use it in GitHub Desktop.
Save eyecatchup/20a494dff3094059d71d to your computer and use it in GitHub Desktop.
SSL Error with Ruby on Windows when trying to install a gem from command line.

[Solved] The SSL_connect returned=1 errno=0 state=SSLv3 read server certificate-Error on Ruby for Windows

The Issue

When you try to install (or update) a Ruby gem from your Windows command line and get an error like, for example, the following:

> gem install compass
ERROR:  Could not find a valid gem 'compass' (>= 0), here is why:
        Unable to download data from - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (

you can (try to) fix it as follows.


"Solution" #1: Change default source host from https:// to http://

This solution will work 100% and is the fastest on top. However, switching permanently to an insecure source connection is highly discouraged! That being said, here's how to do it:

# 1. Add insecure source
> gem sources -a is recommended for security over

Do you want to add this insecure source? [yn]  y added to sources

# 2. Remove secure source
> gem sources -r removed from sources

# 3. Update source cache
> gem sources -u
source cache successfully updated

That's it, you're all done. NO MORE SECURE CONNECTION!

Solution #2: Add Rubygems' latest SSL root CAs

1. Navigate to `C:\Ruby200-x64\lib\ruby\2.0.0\rubygems\ssl_certs` _(adjust to fit your install path)_. 2. If there're no such a files, download these new 1 trusted root certificates from the Rubygems' Github site into the folder: 1. Save [**this file**]( as **`AddTrustExternalCARoot.pem`**2. 2. Save [**this file**]( as **`AddTrustExternalCARoot-2048.pem`**2, 3. 3. Now try again to install the gem. - `if (true): echo "Congrats, we're done."; exit; ` - `else: // try Solution #3`


1: As of Nov 2014. (Ref)
2: Make sure that the files are actually saved as .pem and not as .pem.txt files!
3: Required for some versions of OpenSSL. (Ref)

Solution #3 and #4: Convert Mozilla's SSL root Bundle-CAs

1. Navigate to `C:\Ruby200-x64\lib\ruby\2.0.0\rubygems\ssl_certs` _(adjust to fit your install path)_. 2. Download Mozilla's CA Bundle Certificate **as `ca-bundle.crt`** into the folder, using [**this link**]( 3. Assuming `openssl` is in your `PATH`, from the command line, in the same folder, run: `openssl x509 -in ca-bundle.crt -out MozBundleCA.pem -outform PEM` 4. Now try to install the gem again. - `if (true): echo "Congrats, we're done."; exit; ` - `else: // repeat step 2 and 3 (but with another crt file)` 1. Download Mozilla's **deprecated** CA Bundle Certificate (/w RSA-1024 support) **as `ca-bundle-1024.crt`** into the folder, using [**this link**]( 2. Back on the command line run: `openssl x509 -in ca-bundle-1024.crt -out MozBundleCA.rsa1024.pem -outform PEM` - Now try again to install the gem. - `if (true): echo "Congrats, we're done."; exit; ` - `else: // try Solution #5`

Solution #5: Add older SSL root CAs (by Rubygems, Mozilla &

1. Navigate to `C:\Ruby200-x64\lib\ruby\2.0.0\rubygems\ssl_certs` _(adjust to fit your install path)_. 2. If there's no such a file, download DigiCert's High Assurance EV Root CA trust certificate from the rubygems Github site **as `DigiCertHighAssuranceEVRootCA.pem`** in to the folder, using [**this link**]( 3. Download Mozilla's converted CA Certificate **as `cacert.pem`** from the cURL project website to the folder, using [**this link**]( 4. Download's CA Bundle Certificate **as `ca-bundle-startssl.pem`** from their website to the folder, using [**this link**]( 5. Now try again to install the gem. - `if (true): echo "Congrats, we're done."; exit; ` - `else: // go drink a beer!`


Copy link

Thanks a ton.. Solution #3 worked for me...since I did not want to mess up with my security trying the solution #1(Windows 10)

Copy link

Thank you so much. I was struggling for 3 days. got really frustrated. Finally it worked with Solution" #1:. Once again Thank you.

Copy link


Copy link

jacobvr commented May 4, 2017

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment