"Certificate verify failed" while using http://rubygems.org instead of https

0
votes

I used to get a certificate verification error when I used the https:/rubygems.org.

A workaround was suggested: remove the "s" (so I end up using http instead of https). It worked for some time but today after starting a new rails application rails new 'filename' I got the same certificate validation error:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/mime-types-data-3.2016.0521.gem) An error occurred while installing mime-types-data (3.2016.0521), and Bundler cannot continue. Make sure that gem install mime-types-data -v '3.2016.0521' succeeds before bundling.

I typed gem sources only to find that https://rubygems.org doesn't even exist.

    $ gem sources
*** CURRENT SOURCES ***

http://rubygems.org

I go to the gemfile and I find

source 'https://rubygems.org'

What could be the problem?

1
ruby-on-railssslcertificatewindows-10
http://rubygems.org redirects to https://rubygems.org so you are stuck with your original problem.Steffen Ullrich
I just checked and the certificate chain that rubygems.org sends looks good, at least, as long as you trust the root certificate. The root certificate is /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA which is widely trusted.rlandster

1 Answers

0
votes

Be sure to update the certificate, http://guides.rubygems.org/ssl-certificate-update/

Then look for default cert file

ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE' that outputs "/usr/local/etc/openssl/cert.pem"

And then renamed, that will use the new certificate you downloaded

mv /usr/local/etc/openssl/cert.pem /usr/local/etc/openssl/cert.pem.old