Skip to content

Instantly share code, notes, and snippets.

@fertobar

fertobar/OpenSSL fix.md

Forked from mislav/OpenSSL fix.md
Last active September 19, 2015 00:39
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save fertobar/cbfb89b98ba2e1773ead to your computer and use it in GitHub Desktop.
Save fertobar/cbfb89b98ba2e1773ead to your computer and use it in GitHub Desktop.
Download ZIP
Fix OpenSSL certificate errors on Ruby 2.0
Raw
OpenSSL fix.md

The reason why you might get certificate errors in Ruby 2.0 when talking HTTPS is because there isn't a default certificate bundle that OpenSSL (which was used when building Ruby) trusts.

Update: this problem is solved in edge versions of rbenv and RVM.

$ ruby -rnet/https -e "Net::HTTP.get URI('https://github.com')"
net/http.rb:917:in `connect': SSL_connect returned=1 errno=0 state=SSLv3
  read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

You can work around the issue by installing a certificate bundle that you trust. I trust Mozilla and curl.

WARNING: use the below code only if you're not terribly worried about maximum security:

  1. Note that the certificate bundle below is downloaded from curl.haxx.se over HTTP not HTTPS.
  2. Keep in mind that this installs a cert bundle that will never be automatically updated if a cert gets revoked.
curl -fsSL curl.haxx.se/ca/cacert.pem \
  -o "$(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE')"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment