Skip to content

Instantly share code, notes, and snippets.

@fnichol
Created March 12, 2011 20:52
Show Gist options
  • Save fnichol/867550 to your computer and use it in GitHub Desktop.
Save fnichol/867550 to your computer and use it in GitHub Desktop.
Download a cacert.pem for RailsInstaller

Why?

There is a long standing issue in Ruby where the net/http library by default does not check the validity of an SSL certificate during a TLS handshake. Rather than deal with the underlying problem (a missing certificate authority, a self-signed certificate, etc.) one tends to see bad hacks everywhere. This can lead to problems down the road.

From what I can see the OpenSSL library that Rails Installer delivers has no certificate authorities defined. So, let's go fetch some from the curl website. And since this is for ruby, why don't we download and install the file with a ruby script?

Installation

The Ruby Way! (Fun)

This assumes your have already installed the Rails Installer for Windows.

Download the ruby script to your Desktop folder from https://gist.github.com/raw/867550/win_fetch_cacerts.rb. Then in your command prompt, execute the ruby script:

ruby "%USERPROFILE%\Desktop\win_fetch_cacerts.rb"

Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE. To set this in your current command prompt session, type:

set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem

To make this a permanent setting, add this in your control panel.

The Manual Way (Boring)

Download the cacert.pem file from http://curl.haxx.se/ca/cacert.pem. Save this file to C:\RailsInstaller\cacert.pem.

Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE. To set this in your current command prompt session, type:

set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem

To make this a permanent setting, add this in your control panel.

require 'net/http'
# create a path to the file "C:\RailsInstaller\cacert.pem"
cacert_file = File.join(%w{c: RailsInstaller cacert.pem})
Net::HTTP.start("curl.haxx.se") do |http|
resp = http.get("/ca/cacert.pem")
if resp.code == "200"
open(cacert_file, "wb") { |file| file.write(resp.body) }
puts "\n\nA bundle of certificate authorities has been installed to"
puts "C:\\RailsInstaller\\cacert.pem\n"
puts "* Please set SSL_CERT_FILE in your current command prompt session with:"
puts " set SSL_CERT_FILE=C:\\RailsInstaller\\cacert.pem"
puts "* To make this a permanent setting, add it to Environment Variables"
puts " under Control Panel -> Advanced -> Environment Variables"
else
abort "\n\n>>>> A cacert.pem bundle could not be downloaded."
end
end
@jamesyoungdigital
Copy link

jamesyoungdigital commented Sep 8, 2018

None of the suggestions worked for me at all, with the latest RailsInstaller on Windows 10. I used 'gem certified' and followed those instructions. I tried manual ways. I tried updating my PATH, and ruby -ropen-uri -e 'eval open("https://git.io/vQhWq").read'. This appeared to work, but still gave an error in Chrome when accessing my form and submitting it. I don't know if it has anything to do with adding a Google ReCaptcha to my form in my app, which I test on localhost. So I just figured switching to IE Edge might work out because it's "less secure," and it worked. If you're on Windows, try everything you can, then use IE Edge. Maybe it will work out => I mean for development. You will want a proper fix for production of course.

@TexasNeo
Copy link

Ruby on Windows 10, setting the env via "Advanced System Settings" worked. setting it in the ruby code, i.e. ENV["SSL_CERT_FILE"] did not.

@subatta
Copy link

subatta commented Nov 4, 2018

Ruby on Windows 10, setting the env via "Advanced System Settings" worked. setting it in the ruby code, i.e. ENV["SSL_CERT_FILE"] did not.

This was true for me as well.

@george-chakhidze
Copy link

Looks like JRuby on Windows ignores SSL_CERT_FILE environment variable.

@houssemFat-DDF
Copy link

Thank you !!

@dirktay
Copy link

dirktay commented Oct 27, 2021

Thanks! Did it years ago on my old machine. Forgot about it. Thanks again!

@shuvalovakris
Copy link

Thank you no longer get the error, these are the steps if anyone wants to follow

1.Install DEVELOPMENT KIT (depending on your version Ruby or Rails) in the path and folder C:\devkit http://rubyinstaller.org/downloads/

2.Through the command prompt to access C:\devkit

3.Paste into the command prompt these commands

ruby dk.rb init

ruby dk.rb install

4.Download this file https://curl.haxx.se/ca/cacert.pem (with Firefox, File - Save as ...) and download in C:\RubyXX (if installed in C:)

5.set SSL_CERT_FILE=C:\RubyXX\cacert.pem (change after the equal sign, the path where cacert.pem was installed, ie in C:\RubyXX)

6.Paste into the command prompt

set SSL_CERT_FILE=C:\RubyXX\cacert.pem

7.Install this gem for devkit

gem install rdiscount --platform=ruby

8.Close the command prompt

9.Add environment variables SSL certificate

Control Panel - Security system - System - Advanced system settings - Environment Variables - System Variables - New - Variable name - (Paste "SSL_CERT_FILE" this without quotes) - Variable value - (Paste the path where cacert.pem was installed "C:\RubyXX\cacert.pem") - OK - OK - OK ;)

10.Try installing another gem

https://www.youtube.com/watch?v=xg_Zb9vGz-8

THANK YOU THANK YOU!!!!! Vicente-M you are my best friend!!!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment