The reason why you might get certificate errors in Ruby 2.0 when talking HTTPS is because there isn't a default certificate bundle that OpenSSL (which was used when building Ruby) trusts.
Update: this problem is solved in edge versions of rbenv and RVM.
$ ruby -rnet/https -e "Net::HTTP.get URI('https://github.com')"
net/http.rb:917:in `connect': SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
You can work around the issue by installing a certificate bundle that you trust. I trust Mozilla and curl.
WARNING: use the below code only if you're not terribly worried about maximum security:
- Note that the certificate bundle below is downloaded from curl.haxx.se over HTTP not HTTPS.
- Keep in mind that this installs a cert bundle that will never be automatically updated if a cert gets revoked.
curl -fsSL curl.haxx.se/ca/cacert.pem \
-o "$(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE')"
help please ..
msf5 auxiliary(gather/shodan_search) > run
[-] Auxiliary failed: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed
[-] Call stack:
[-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in
connect_nonblock' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in
ssl_socket_connect'[-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:948:in
connect' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:887:in
do_start'[-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:876:in
start' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:1407:in
request'[-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:59:in
shodan_query' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:109:in
run'[*] Auxiliary module execution completed
msf5 auxiliary(gather/shodan_search) > Interrupt: use the 'exit' command to quit
msf5 auxiliary(gather/shodan_search) >