Create a gist now

Instantly share code, notes, and snippets.

Fix OpenSSL certificate errors on Ruby 2.0

The reason why you might get certificate errors in Ruby 2.0 when talking HTTPS is because there isn't a default certificate bundle that OpenSSL (which was used when building Ruby) trusts.

Update: this problem is solved in edge versions of rbenv and RVM.

$ ruby -rnet/https -e "Net::HTTP.get URI('')"
net/http.rb:917:in `connect': SSL_connect returned=1 errno=0 state=SSLv3
  read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

You can work around the issue by installing a certificate bundle that you trust. I trust Mozilla and curl.

WARNING: use the below code only if you're not terribly worried about maximum security:

  1. Note that the certificate bundle below is downloaded from over HTTP not HTTPS.
  2. Keep in mind that this installs a cert bundle that will never be automatically updated if a cert gets revoked.
curl -fsSL \
  -o "$(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE')"

And if you want to acquire that secure .pem file without being vulnerable to a MitM attack, here's how: :-D


(i got them to switch to https in curl trunk, but then it got reverted later because the Perl library for https isn't reliable)


Thanks it works
Let's hope RVM or something else will deal with this problem automatically later

@codeslinger could just link the existing cacert.pem to cert.pem in that same directory and fix the problem without having to download anything. ;-)


@codeslinger: I just learned about that existing after I created the gist…


Did not work for ruby 2.0.0-p195 actually. The most simple fix is to use without certificate.


Thanks so much!


You can built a default certificate store file from the OS X system roots (if on that OS) - approach shown in


Fixed this on ubuntu with

apt-get install ca-certificates

Just had some stale certificates around.


@mislav is this still the state of the art solution? I just got this problem again with rbenv and ruby-build master building 2.3.1 on os x 10.10.


Looks like the curl folks fixed their https situation. this worked perfectly for me 💃 😌 😹:

curl -o "$(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE')"

csaden commented Oct 21, 2016 edited

I faced the same error (on Mac OSX 10.10.5 Yosemite).

ERROR:  While executing gem ... (Gem::RemoteFetcher::FetchError)
    SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (

I deleted rvm and and re-installed but still faced the same problem. I could not brew link --force openssl and ended up stumbling upon this for the solution.

rvm install 2.2.4 --disable-binary
Install whatever ruby version you need.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment