Skip to content

Instantly share code, notes, and snippets.

@kendagriff

kendagriff/solution.md

Created November 7, 2015 04:57
Show Gist options
  • Star 12 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save kendagriff/adec3713b4dfe6a1abdf to your computer and use it in GitHub Desktop.
Save kendagriff/adec3713b4dfe6a1abdf to your computer and use it in GitHub Desktop.
Download ZIP
Solution to "OpenSSL::X509::StoreError: setting default path failed: Invalid keystore format" for JRuby
Raw
solution.md

Solution to StoreError: invalid keystore format (OS X)

The following error appeared upon upgrading JRuby:

OpenSSL::X509::StoreError: setting default path failed: Invalid keystore format

Download cacert.pem

wget http://curl.haxx.se/ca/cacert.pem

Create a keystore from the file

sudo keytool -importcert -file cacert.pem -keystore /Users/youruser/.keystore

Set SSL_CERT_FILE

export SSL_CERT_FILE=/Users/youruser/.keystore

Install gems

jruby -S gem install whatever
@madebysquares
Copy link

madebysquares commented Nov 30, 2016
edited

+1 to everyone who posted all your helpful comments.

I've been dealing with this for months, commenting and uncommenting export SSL_CERT_FILE=... until I finally got fed up.

I tried pretty much everything listed here.

The steps that finally resolved everything for me.

  • Installed the latest version of openssl via homebrew: brew install openssl
  • Ensured that it had up to date certs in the right localtions
  • Manually added a symlink in /usr/local/bin/ -> {the location of the latest homebrew version}
  • Uninstalled all the previous versions of the java jdk
cd /Library/Java/JavaVirtualMachines/
sudo rm -rf jdk1.*
  • Uninstalled rvm: rvm implode
  • Restarted my machine
  • Finally installed a new jdk , re-installed rvm, jruby, bundler, etc

Finally everything is working, no SSL_CERT_FILE, no random keystore files, no failures

ALSO: I would avoid rvm osx-ssl-certs update all this breaks my jdk cert everytime.

@jayjlawrence
Copy link

I'd like to add a few of points to make the procedure 100% clear:

  • when prompted for keystore password I used "changeit" which is similar to the default Java one
    -- Enter keystore password: then type "changeit"
    -- Re-enter new password: and retype "changeit"
  • when prompted to "Trust this certificate? [no]" enter "yes"
  • for Bash users to make this persist add to your .bash_profile
    -- export SSL_CERT_FILE=/Users/youruser/.keystore

And to add to @madebysquares comment - I broke my install by running 'rvm osx-ssl-certs update all' too. RVM should not allow this to run on jruby until it does not break all jrubies.

@palashmandokhot
Copy link

how to solve invalid keystore format????????

@palashmandokhot
Copy link

how to solve invalid keystore error??????

@palashmandokhot
Copy link

how to solve invalid keystore error??????

@dennis-d
Copy link

nuking jdk seems to help

@itsjms
Copy link

itsjms commented Mar 6, 2018

❤️ https://gist.github.com/kendagriff/adec3713b4dfe6a1abdf#gistcomment-1933072 this is EXACTLY how to fix. I have been dealing with this issue for months and setting that cert file every time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment