SSL_connect返回=1 errno=0状态=SSLv3读取服务器证书B:证书验证失败。

时间:2021-08-24 00:28:45

I am using Authlogic-Connect for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws exception:

我正在使用Authlogic-Connect作为第三方登录。在运行适当的迁移后,Twitter/谷歌/yahoo登录似乎运行良好,但facebook登录却抛出异常:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The dev log shows

开发日志显示

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
  app/controllers/users_controller.rb:37:in `update'

Please suggest..

请建议. .

37 个解决方案

#1


134  

I ran into a similar problem when trying to use the JQuery generator for Rails 3

在尝试使用JQuery生成器进行Rails 3时,我遇到了类似的问题。

I solved it like this:

我这样解它:

  1. Get the CURL Certificate Authority (CA) bundle. You can do this with:

    获取CURL证书权限(CA)包。你可以这样做:

    • sudo port install curl-ca-bundle [if you are using MacPorts]
    • sudo端口安装curl-ca-bundle[如果您使用的是MacPorts]
    • or just pull it down directly wget http://curl.haxx.se/ca/cacert.pem
    • 或者直接把它拉下来,就可以找到http://curl.haxx.se/ca/cacert.pem。
  2. Execute the ruby code that is trying to verify the SSL certification: SSL_CERT_FILE=/opt/local/etc/certs/cacert.pem rails generate jquery:install. In your case, you want to either set this as an environment variable somewhere the server picks it up or add something like ENV['SSL_CERT_FILE'] = /path/to/your/new/cacert.pem in your environment.rb file.

    执行试图验证SSL证书的ruby代码:SSL_CERT_FILE=/opt/local/etc/certs/cacert。jquery:pem rails生成安装。在您的情况下,您希望将其设置为服务器接收到的环境变量,或者添加ENV['SSL_CERT_FILE'] = /path/to/ new/cacert。在您的环境中pem。rb文件。

You can also just install the CA files (I haven't tried this) to the OS -- there are lengthy instructions here -- this should work in a similar fashion, but I have not tried this personally.

您还可以将CA文件(我没有尝试过)安装到操作系统——这里有很长的指令——这应该以类似的方式工作,但我没有亲自尝试过。

Basically, the issue you are hitting is that some web service is responding with a certificate signed against a CA that OpenSSL cannot verify.

基本上,您所遇到的问题是,一些web服务使用与OpenSSL无法验证的CA签署的证书来响应。

#2


130  

If you're using RVM on OS X, you probably need to run this:

如果您在OS X上使用RVM,您可能需要运行以下操作:

rvm osx-ssl-certs update all

More information here: http://rvm.io/support/fixing-broken-ssl-certificates

更多信息:http://rvm.io/support/fixing-broken-ssl-certificates

And here is the full explanation: https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md

这里有一个完整的解释:https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md。


Update

On Ruby 2.2, you may have to reinstall Ruby from source to fix this. Here's how (replace 2.2.3 with your Ruby version):

在Ruby 2.2上,您可能需要从源代码重新安装Ruby来解决这个问题。以下是如何(用你的Ruby版本替换2.2.3):

rvm reinstall 2.2.3 --disable-binary

Credit to https://*.com/a/32363597/4353 and Ian Connor.

Credit到https://*.com/a/32363597/4353和Ian Connor。

#3


122  

Here's how you can fix it on Windows: https://gist.github.com/867550 (created by Fletcher Nichol)

以下是如何在Windows上修复它的方法:https://gist.github.com/867550(由Fletcher Nichol创建)

Excerpt:

摘录:

The Manual Way (Boring)

Download the cacert.pem file from http://curl.haxx.se/ca/cacert.pem. Save this file to C:\RailsInstaller\cacert.pem.

下载cacert。pem文件从http://curl.haxx.se/ca/cacert.pem。把这个文件保存到C:\RailsInstaller\cacert.pem。

Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE. To set this in your current command prompt session, type:

现在,通过设置SSL_CERT_FILE使ruby知道您的证书权限包。要在当前命令提示会话中设置这个,请键入:

set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem

To make this a permanent setting, add this in your control panel.

要使此设置为永久设置,请将其添加到控制面板中。

#4


31  

Ruby can't find any root certificates to trust.

Ruby找不到任何可以信任的根证书。

Take a look at this blog post for a solution: "Ruby 1.9 and the SSL error".

看看这个博客文章的解决方案:“Ruby 1.9和SSL错误”。

The solution is to install the curl-ca-bundle port which contains the same root certificates used by Firefox:

解决方案是安装curl-ca-bundle端口,其中包含Firefox使用的相同根证书:

sudo port install curl-ca-bundle

and tell your https object to use it:

并告诉你的https对象使用它:

https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'

Note that if you want your code to run on Ubuntu, you need to set the ca_path attribute instead, with the default certificates location /etc/ssl/certs.

请注意,如果希望代码在Ubuntu上运行,则需要设置ca_path属性,并使用默认的证书位置/etc/ssl/cert。

#5


23  

The reason that you get this error on OSX is the rvm-installed ruby.

您在OSX上得到这个错误的原因是rvm安装的ruby。

If you run into this issue on OSX you can find a really broad explanation of it in this blog post:

如果你在OSX上遇到这个问题,你可以在这篇博文中找到一个非常宽泛的解释:

http://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

http://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

The short version is that, for some versions of Ruby, RVM downloads pre-compiled binaries, which look for certificates in the wrong location. By forcing RVM to download the source and compile on your own machine, you ensure that the configuration for the certificate location is correct.

简短的版本是,对于一些Ruby版本来说,RVM下载预编译的二进制文件,在错误的位置查找证书。通过强制RVM下载源代码并在自己的机器上编译,可以确保证书位置的配置是正确的。

The command to do this is:

要做到这一点的命令是:

rvm install 2.2.0 --disable-binary

if you already have the version in question, you can re-install it with:

如果你已经有问题的版本,你可以重新安装:

rvm reinstall 2.2.0 --disable-binary

(obviously, substitute your ruby version as needed).

(显然,根据需要替换您的ruby版本)。

#6


20  

The issue is that ruby can not find a root certificate to trust. As of 1.9 ruby checks this. You will need to make sure that you have the curl certificate on your system in the form of a pem file. You will also need to make sure that the certificate is in the location that ruby expects it to be. You can get this certificate at...

问题是,ruby无法找到信任的根证书。在1.9的时候,ruby检查了这个。您需要确保您的系统上的curl证书的形式是pem文件。您还需要确保证书位于ruby所期望的位置。你可以在……

http://curl.haxx.se/ca/cacert.pem

If your a RVM and OSX user then your certificate file location will vary based on what version of ruby your using. Setting the path explicitly with :ca_path is a BAD idea as your code will not be portable when it gets to production. There for you want to provide ruby with a certificate in the default location(and assume your dev ops guys know what they are doing). You can use dtruss to work out where the system is looking for the certificate file.

如果您的RVM和OSX用户,那么您的证书文件位置将根据您使用的ruby版本而有所不同。明确地设置路径:ca_path是一个坏主意,因为当代码到达生产时,它将无法移植。在这里,您希望为ruby提供默认位置的证书(并假设您的dev操作人员知道他们正在做什么)。您可以使用dtruss来确定系统正在查找证书文件的位置。

In my case the system was looking for the cert file in

在我的案例中,系统正在寻找cert文件。

/Users/stewart.matheson/.rvm/usr/ssl/cert.pem

however MACOSX system would expect a certificate in

然而,MACOSX系统需要一个证书。

/System/Library/OpenSSL/cert.pem

I copied the downloaded cert to this path and it worked. HTH

我把下载的证书复制到这条路径上,它就成功了。HTH

#7


19  

The new certified gem is designed to fix this:

新的认证宝石的设计是为了解决这个问题:

https://github.com/stevegraham/certified

https://github.com/stevegraham/certified

#8


16  

On Mac OS X Lion with the latest macport:

Mac OS X Lion上最新的macport:

sudo port install curl-ca-bundle  
export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt  

Then, rerun the failed job.

然后,重新运行失败的作业。

Note, the cert file location seems to have changed since Eric G answered on May 12.

注意,自从Eric G在5月12日回复后,cert文件位置似乎发生了变化。

#9


14  

Just add gem 'certified' in your gemfile and run bundle install.

只需在您的gemfile中添加gem“认证”,并运行bundle install。

  1. gem 'certified'
  2. 宝石“认证”
  3. bundle install
  4. 包安装

#10


14  

A one liner fixes it for Windows in an Admin prompt

在一个管理提示符中,有一个内衬为Windows修复它。

choco install wget (first see chocolatey.org)

choco安装wget(第一次看到chocolatey.org)

wget http://curl.haxx.se/ca/cacert.pem -O C:\cacert.pem && setx /M SSL_CERT_FILE "C:\cacert.pem"

Or just do this:

还是这样做:

gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/

Milanio's method:

Milanio的方法:

gem sources -r https://rubygems.org
gem sources -a http://rubygems.org 
gem update --system
gem sources -r http://rubygems.org
gem sources -a https://rubygems.org

gem install [NAME_OF_GEM]

#11


13  

Well this worked for me

这对我很有效。

rvm pkg install openssl
rvm reinstall 1.9.2 --with-openssl-dir=$rvm_path/usr

Something is wrong with openssl implementation of my ubuntu 12.04

我的ubuntu 12.04的openssl实现有问题。

#12


12  

I've try install curl-ca-bundle with brew, but the package is no available more:

我尝试用brew来安装curl-ca-bundle,但是这个包没有更多的可用:

$ brew install curl-ca-bundle
Error: No available formula for curl-ca-bundle 
Searching formulae...
Searching taps...

The solution that worked to me on Mac was:

我在Mac上的解决方案是:

 $ cd /usr/local/etc/openssl/certs/
 $ sudo curl -O http://curl.haxx.se/ca/cacert.pem

Add this line in your ~/.bash_profile (or ~/.zshrc for zsh):

把这条线加进你的~/。bash_profile(或~ /。zshrc zsh):

export SSL_CERT_FILE=/usr/local/etc/openssl/certs/cacert.pem

Then update your terminal:

然后更新您的终端:

$ source ~/.bash_profile

#13


12  

Here's another option for debugging purposes.

这里还有一个用于调试的选项。

Be sure never to use this in any production environment, as it will negate benefits of using SSL in the first place. It is only ever valid to do this in your local development environment.

一定不要在任何生产环境中使用它,因为它首先会否定使用SSL的好处。只有在本地开发环境中这样做才有效。

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

#14


11  

While knowing it's rather a lame solution, I'm still sharing this because it seems like very few people answering here use Windows, and I think some of Windows users (me included) would appreciate a simple and intuitive approach.

虽然我知道这是一个很蹩脚的解决方案,但我仍然在分享它,因为似乎很少有人在这里使用Windows,而且我认为一些Windows用户(包括我)会欣赏一个简单而直观的方法。

require 'openssl'
puts OpenSSL::X509::DEFAULT_CERT_FILE

That tells where your openssl is looking for the cert file. My name is not Luis, but mine was C:/Users/Luis/Code/luislavena/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0l/ssl/cert.pem. The path may be different depending on each own environments (e.g. openknapsack instead of luislavena).

这说明了您的openssl正在寻找cert文件。我的名字不是路易斯,但我的名字是C:/用户/路易斯/代码/luislavena/knap-build/var/knapsack/软件/x86-windows/openssl/1.0.0l/ssl/cert.pem。根据不同的环境(例如openknapsack而不是luislavena),路径可能会有所不同。

The path didn't change even after set SSL_CERT_FILE=C:\foo\bar\baz\cert.pem via the console, so... I created the directory C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\x86-windows\openssl\1.0.0l\ssl in my local disk and put a cert file into it.

即使在设置了SSL_CERT_FILE=C:\foo\ baz\cert之后,路径也没有改变。pem通过控制台,所以…我创建了目录C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\ x86-windows \ openssl \ 1.0.0l \ ssl在我本地磁盘,把证书文件。

Lame as it is, this will surely work.

尽管这很蹩脚,但这肯定能奏效。

#15


10  

I had this same issue while working on a Ruby project. I am using Windows 7 64bit.

我在做Ruby项目时遇到了同样的问题。我使用的是Windows 7 64位。

I resolved this by:

我解决了这个:

  1. Downloading the cacert.pem file from http://curl.haxx.se/ca/cacert.pem.
  2. 下载cacert。pem文件从http://curl.haxx.se/ca/cacert.pem。
  3. Saved that file to C:/RubyCertificates/cacert.pem
  4. 将该文件保存到C:/RubyCertificates/cacert.pem。
  5. Then set my environmental variable "SSL_CERT_FILE" to "C:\RubyCertificates\cacert.pem"
  6. 然后将我的环境变量“SSL_CERT_FILE”设置为“C:\RubyCertificates\cacert.pem”。

source: https://gist.github.com/fnichol/867550

来源:https://gist.github.com/fnichol/867550

#16


7  

The most straightforward answer which worked for me was this

对我来说最直接的答案是这样的。

sudo apt-get install openssl ca-certificates

And voila!!!

瞧! ! !

#17


6  

OS X 10.8.x with Homebrew:

OS X 10.8。x自制程序:

brew install curl-ca-bundle
brew list curl-ca-bundle
cp /usr/local/Cellar/curl-ca-bundle/1.87/share/ca-bundle.crt /usr/local/etc/openssl/cert.pem

#18


4  

Then, as this blog post suggests,

然后,正如这篇博文所暗示的,

"How to Cure Net::HTTP’s Risky Default HTTPS Behavior"

“如何治疗网络:HTTP的危险的默认HTTPS行为”

you might want to install the always_verify_ssl_certificates gem that allow you to set a default value for ca_file.

您可能需要安装always_verify_ssl_certificate gem,它允许您为ca_file设置一个默认值。

#19


4  

This worked for me. If you using rvm and brew:

这为我工作。如果你使用rvm和brew:

rvm remove 1.9.3
brew install openssl
rvm install 1.9.3 --with-openssl-dir=`brew --prefix openssl`

#20


4  

I ran into this issue and the suggested fix of rvm osx-ssl-certs update all did not work despite that I am an RVM user on OSX.

我遇到了这个问题,尽管我是OSX的rvm用户,但rvm OSX -ssl-certs更新的建议修复程序都没有工作。

The fix that worked for me was re-installing the latest version of openssl:

为我工作的修复程序正在重新安装openssl的最新版本:

brew update
brew remove openssl
brew install openssl

#21


4  

I fixed this problem by running this in terminal. Full writeup is available over here

我在终端上运行这个问题解决了这个问题。全写在这里。

rvm install 2.2.0 --disable-binary

#22


3  

OSX solution:

OSX的解决方案:

install latest rvm stable version

安装最新的rvm稳定版本。

rvm get stable

use rvm command to solve the certificates automatically

使用rvm命令自动解决证书。

rvm osx-ssl-certs update all

#23


2  

Here's what I did that helped if you are specifically having a problem on Leopard.

这是我所做的,如果你在Leopard上有问题的话。

My cert was old and needed to be updated. I downloaded this:

我的证书旧了,需要更新。我下载:

http://curl.haxx.se/ca/cacert.pem

http://curl.haxx.se/ca/cacert.pem

Then replaced my cert which was found here on Leopard:

然后,在豹身上找到了我的证书。

/usr/share/curl/curl-ca-bundle.crt

Reload whatever you have that's accessing it and you should be good to go!

重新加载任何你拥有的访问它,你应该是好的去!

#24


2  

Just because instructions were a slight bit different for what worked for me, I thought I add my 2 cents:

只是因为指导对我来说有点不同,我想我加了2分:

I'm on OS X Lion and using macports and rvm

我在OS X Lion上使用macports和rvm。

I installed curl-ca-bundle:

我安装了curl-ca-bundle:

sudo port install curl-ca-bundle

Then I adjusted my omniauth config to be this:

然后我调整了我的omniauth配置:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, APP_CONFIG['CONSUMER_KEY'], APP_CONFIG['CONSUMER_SECRET'],
           :scope => 'https://www.google.com/m8/feeds https://www.googleapis.com/auth/userinfo.profile',
           :ssl => {:ca_path => "/share/curl/curl-ca-bundle.crt"}
end

#25


2  

If you have a symbolic link in the /usr/local/etc/openssl pointing to cert.pem try to do this:

如果您在/usr/local/etc/openssl中有一个符号链接指向cert.pem,请尝试这样做:

ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE" (should be /usr/local/etc/openssl)
cd /usr/local/etc/openssl
wget http://curl.haxx.se/ca/cacert.pem
ln -s cacert.pem 77ee3751.0 (77ee3751.0 is my symbolic link, should depend on the openssl version)

#26


2  

If you are running your rails app locally then just add this line at the bottom of application.rb.

如果您在本地运行rails应用程序,那么只需将这条线添加到application.rb的底部。

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

After this you can use the app without any issues. You may call it a hack but it is not recommended. Use only when you need to run locally

之后你就可以不用任何问题就可以使用这个应用了。你可以称它为hack,但不推荐它。仅当您需要在本地运行时才使用。

#27


1  

I had trouble for a number of days and was hacking around. This link proved out to be extremely helpful for me. It helped me to do a successful upgrade of the SSL on MAC OS X 9.

我有好几天都遇到了麻烦,而且还在到处乱跑。这个链接对我来说是非常有帮助的。它帮助我在MAC OS X 9上成功地升级了SSL。

#28


1  

Adding gem 'certified', '~> 1.0' to my Gemfile and running bundle solved this issue for me.

添加gem“认证”,“~> 1.0”到我的Gemfile和运行包,为我解决了这个问题。

#29


1  

Just run the certified-update executable and this command will make sure that all your certificates are up-to-date.

只需运行验证更新可执行文件,此命令将确保所有证书都是最新的。

This worked for my Ruby on Rails application in Windows.

这对我在Windows中的Ruby on Rails应用程序起了作用。

#30


1  

I had to reinstall Ruby. This should solve it if you are using Ubuntu & rbenv:

我必须重新安装Ruby。如果你使用Ubuntu和rbenv,这应该能解决问题:

rbenv uninstall your_version

# install dependencies
sudo apt-get install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev

# install ruby with patch
curl -fsSL https://gist.github.com/mislav/055441129184a1512bb5.txt | \
  rbenv install --patch your_version

For more information, check out the rbenv Wiki on the matter.

要了解更多信息,请查看rbenv Wiki。

#1


134  

I ran into a similar problem when trying to use the JQuery generator for Rails 3

在尝试使用JQuery生成器进行Rails 3时,我遇到了类似的问题。

I solved it like this:

我这样解它:

  1. Get the CURL Certificate Authority (CA) bundle. You can do this with:

    获取CURL证书权限(CA)包。你可以这样做:

    • sudo port install curl-ca-bundle [if you are using MacPorts]
    • sudo端口安装curl-ca-bundle[如果您使用的是MacPorts]
    • or just pull it down directly wget http://curl.haxx.se/ca/cacert.pem
    • 或者直接把它拉下来,就可以找到http://curl.haxx.se/ca/cacert.pem。
  2. Execute the ruby code that is trying to verify the SSL certification: SSL_CERT_FILE=/opt/local/etc/certs/cacert.pem rails generate jquery:install. In your case, you want to either set this as an environment variable somewhere the server picks it up or add something like ENV['SSL_CERT_FILE'] = /path/to/your/new/cacert.pem in your environment.rb file.

    执行试图验证SSL证书的ruby代码:SSL_CERT_FILE=/opt/local/etc/certs/cacert。jquery:pem rails生成安装。在您的情况下,您希望将其设置为服务器接收到的环境变量,或者添加ENV['SSL_CERT_FILE'] = /path/to/ new/cacert。在您的环境中pem。rb文件。

You can also just install the CA files (I haven't tried this) to the OS -- there are lengthy instructions here -- this should work in a similar fashion, but I have not tried this personally.

您还可以将CA文件(我没有尝试过)安装到操作系统——这里有很长的指令——这应该以类似的方式工作,但我没有亲自尝试过。

Basically, the issue you are hitting is that some web service is responding with a certificate signed against a CA that OpenSSL cannot verify.

基本上,您所遇到的问题是,一些web服务使用与OpenSSL无法验证的CA签署的证书来响应。

#2


130  

If you're using RVM on OS X, you probably need to run this:

如果您在OS X上使用RVM,您可能需要运行以下操作:

rvm osx-ssl-certs update all

More information here: http://rvm.io/support/fixing-broken-ssl-certificates

更多信息:http://rvm.io/support/fixing-broken-ssl-certificates

And here is the full explanation: https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md

这里有一个完整的解释:https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md。


Update

On Ruby 2.2, you may have to reinstall Ruby from source to fix this. Here's how (replace 2.2.3 with your Ruby version):

在Ruby 2.2上,您可能需要从源代码重新安装Ruby来解决这个问题。以下是如何(用你的Ruby版本替换2.2.3):

rvm reinstall 2.2.3 --disable-binary

Credit to https://*.com/a/32363597/4353 and Ian Connor.

Credit到https://*.com/a/32363597/4353和Ian Connor。

#3


122  

Here's how you can fix it on Windows: https://gist.github.com/867550 (created by Fletcher Nichol)

以下是如何在Windows上修复它的方法:https://gist.github.com/867550(由Fletcher Nichol创建)

Excerpt:

摘录:

The Manual Way (Boring)

Download the cacert.pem file from http://curl.haxx.se/ca/cacert.pem. Save this file to C:\RailsInstaller\cacert.pem.

下载cacert。pem文件从http://curl.haxx.se/ca/cacert.pem。把这个文件保存到C:\RailsInstaller\cacert.pem。

Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE. To set this in your current command prompt session, type:

现在,通过设置SSL_CERT_FILE使ruby知道您的证书权限包。要在当前命令提示会话中设置这个,请键入:

set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem

To make this a permanent setting, add this in your control panel.

要使此设置为永久设置,请将其添加到控制面板中。

#4


31  

Ruby can't find any root certificates to trust.

Ruby找不到任何可以信任的根证书。

Take a look at this blog post for a solution: "Ruby 1.9 and the SSL error".

看看这个博客文章的解决方案:“Ruby 1.9和SSL错误”。

The solution is to install the curl-ca-bundle port which contains the same root certificates used by Firefox:

解决方案是安装curl-ca-bundle端口,其中包含Firefox使用的相同根证书:

sudo port install curl-ca-bundle

and tell your https object to use it:

并告诉你的https对象使用它:

https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'

Note that if you want your code to run on Ubuntu, you need to set the ca_path attribute instead, with the default certificates location /etc/ssl/certs.

请注意,如果希望代码在Ubuntu上运行,则需要设置ca_path属性,并使用默认的证书位置/etc/ssl/cert。

#5


23  

The reason that you get this error on OSX is the rvm-installed ruby.

您在OSX上得到这个错误的原因是rvm安装的ruby。

If you run into this issue on OSX you can find a really broad explanation of it in this blog post:

如果你在OSX上遇到这个问题,你可以在这篇博文中找到一个非常宽泛的解释:

http://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

http://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

The short version is that, for some versions of Ruby, RVM downloads pre-compiled binaries, which look for certificates in the wrong location. By forcing RVM to download the source and compile on your own machine, you ensure that the configuration for the certificate location is correct.

简短的版本是,对于一些Ruby版本来说,RVM下载预编译的二进制文件,在错误的位置查找证书。通过强制RVM下载源代码并在自己的机器上编译,可以确保证书位置的配置是正确的。

The command to do this is:

要做到这一点的命令是:

rvm install 2.2.0 --disable-binary

if you already have the version in question, you can re-install it with:

如果你已经有问题的版本,你可以重新安装:

rvm reinstall 2.2.0 --disable-binary

(obviously, substitute your ruby version as needed).

(显然,根据需要替换您的ruby版本)。

#6


20  

The issue is that ruby can not find a root certificate to trust. As of 1.9 ruby checks this. You will need to make sure that you have the curl certificate on your system in the form of a pem file. You will also need to make sure that the certificate is in the location that ruby expects it to be. You can get this certificate at...

问题是,ruby无法找到信任的根证书。在1.9的时候,ruby检查了这个。您需要确保您的系统上的curl证书的形式是pem文件。您还需要确保证书位于ruby所期望的位置。你可以在……

http://curl.haxx.se/ca/cacert.pem

If your a RVM and OSX user then your certificate file location will vary based on what version of ruby your using. Setting the path explicitly with :ca_path is a BAD idea as your code will not be portable when it gets to production. There for you want to provide ruby with a certificate in the default location(and assume your dev ops guys know what they are doing). You can use dtruss to work out where the system is looking for the certificate file.

如果您的RVM和OSX用户,那么您的证书文件位置将根据您使用的ruby版本而有所不同。明确地设置路径:ca_path是一个坏主意,因为当代码到达生产时,它将无法移植。在这里,您希望为ruby提供默认位置的证书(并假设您的dev操作人员知道他们正在做什么)。您可以使用dtruss来确定系统正在查找证书文件的位置。

In my case the system was looking for the cert file in

在我的案例中,系统正在寻找cert文件。

/Users/stewart.matheson/.rvm/usr/ssl/cert.pem

however MACOSX system would expect a certificate in

然而,MACOSX系统需要一个证书。

/System/Library/OpenSSL/cert.pem

I copied the downloaded cert to this path and it worked. HTH

我把下载的证书复制到这条路径上,它就成功了。HTH

#7


19  

The new certified gem is designed to fix this:

新的认证宝石的设计是为了解决这个问题:

https://github.com/stevegraham/certified

https://github.com/stevegraham/certified

#8


16  

On Mac OS X Lion with the latest macport:

Mac OS X Lion上最新的macport:

sudo port install curl-ca-bundle  
export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt  

Then, rerun the failed job.

然后,重新运行失败的作业。

Note, the cert file location seems to have changed since Eric G answered on May 12.

注意,自从Eric G在5月12日回复后,cert文件位置似乎发生了变化。

#9


14  

Just add gem 'certified' in your gemfile and run bundle install.

只需在您的gemfile中添加gem“认证”,并运行bundle install。

  1. gem 'certified'
  2. 宝石“认证”
  3. bundle install
  4. 包安装

#10


14  

A one liner fixes it for Windows in an Admin prompt

在一个管理提示符中,有一个内衬为Windows修复它。

choco install wget (first see chocolatey.org)

choco安装wget(第一次看到chocolatey.org)

wget http://curl.haxx.se/ca/cacert.pem -O C:\cacert.pem && setx /M SSL_CERT_FILE "C:\cacert.pem"

Or just do this:

还是这样做:

gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/

Milanio's method:

Milanio的方法:

gem sources -r https://rubygems.org
gem sources -a http://rubygems.org 
gem update --system
gem sources -r http://rubygems.org
gem sources -a https://rubygems.org

gem install [NAME_OF_GEM]

#11


13  

Well this worked for me

这对我很有效。

rvm pkg install openssl
rvm reinstall 1.9.2 --with-openssl-dir=$rvm_path/usr

Something is wrong with openssl implementation of my ubuntu 12.04

我的ubuntu 12.04的openssl实现有问题。

#12


12  

I've try install curl-ca-bundle with brew, but the package is no available more:

我尝试用brew来安装curl-ca-bundle,但是这个包没有更多的可用:

$ brew install curl-ca-bundle
Error: No available formula for curl-ca-bundle 
Searching formulae...
Searching taps...

The solution that worked to me on Mac was:

我在Mac上的解决方案是:

 $ cd /usr/local/etc/openssl/certs/
 $ sudo curl -O http://curl.haxx.se/ca/cacert.pem

Add this line in your ~/.bash_profile (or ~/.zshrc for zsh):

把这条线加进你的~/。bash_profile(或~ /。zshrc zsh):

export SSL_CERT_FILE=/usr/local/etc/openssl/certs/cacert.pem

Then update your terminal:

然后更新您的终端:

$ source ~/.bash_profile

#13


12  

Here's another option for debugging purposes.

这里还有一个用于调试的选项。

Be sure never to use this in any production environment, as it will negate benefits of using SSL in the first place. It is only ever valid to do this in your local development environment.

一定不要在任何生产环境中使用它,因为它首先会否定使用SSL的好处。只有在本地开发环境中这样做才有效。

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

#14


11  

While knowing it's rather a lame solution, I'm still sharing this because it seems like very few people answering here use Windows, and I think some of Windows users (me included) would appreciate a simple and intuitive approach.

虽然我知道这是一个很蹩脚的解决方案,但我仍然在分享它,因为似乎很少有人在这里使用Windows,而且我认为一些Windows用户(包括我)会欣赏一个简单而直观的方法。

require 'openssl'
puts OpenSSL::X509::DEFAULT_CERT_FILE

That tells where your openssl is looking for the cert file. My name is not Luis, but mine was C:/Users/Luis/Code/luislavena/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0l/ssl/cert.pem. The path may be different depending on each own environments (e.g. openknapsack instead of luislavena).

这说明了您的openssl正在寻找cert文件。我的名字不是路易斯,但我的名字是C:/用户/路易斯/代码/luislavena/knap-build/var/knapsack/软件/x86-windows/openssl/1.0.0l/ssl/cert.pem。根据不同的环境(例如openknapsack而不是luislavena),路径可能会有所不同。

The path didn't change even after set SSL_CERT_FILE=C:\foo\bar\baz\cert.pem via the console, so... I created the directory C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\x86-windows\openssl\1.0.0l\ssl in my local disk and put a cert file into it.

即使在设置了SSL_CERT_FILE=C:\foo\ baz\cert之后,路径也没有改变。pem通过控制台,所以…我创建了目录C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\ x86-windows \ openssl \ 1.0.0l \ ssl在我本地磁盘,把证书文件。

Lame as it is, this will surely work.

尽管这很蹩脚,但这肯定能奏效。

#15


10  

I had this same issue while working on a Ruby project. I am using Windows 7 64bit.

我在做Ruby项目时遇到了同样的问题。我使用的是Windows 7 64位。

I resolved this by:

我解决了这个:

  1. Downloading the cacert.pem file from http://curl.haxx.se/ca/cacert.pem.
  2. 下载cacert。pem文件从http://curl.haxx.se/ca/cacert.pem。
  3. Saved that file to C:/RubyCertificates/cacert.pem
  4. 将该文件保存到C:/RubyCertificates/cacert.pem。
  5. Then set my environmental variable "SSL_CERT_FILE" to "C:\RubyCertificates\cacert.pem"
  6. 然后将我的环境变量“SSL_CERT_FILE”设置为“C:\RubyCertificates\cacert.pem”。

source: https://gist.github.com/fnichol/867550

来源:https://gist.github.com/fnichol/867550

#16


7  

The most straightforward answer which worked for me was this

对我来说最直接的答案是这样的。

sudo apt-get install openssl ca-certificates

And voila!!!

瞧! ! !

#17


6  

OS X 10.8.x with Homebrew:

OS X 10.8。x自制程序:

brew install curl-ca-bundle
brew list curl-ca-bundle
cp /usr/local/Cellar/curl-ca-bundle/1.87/share/ca-bundle.crt /usr/local/etc/openssl/cert.pem

#18


4  

Then, as this blog post suggests,

然后,正如这篇博文所暗示的,

"How to Cure Net::HTTP’s Risky Default HTTPS Behavior"

“如何治疗网络:HTTP的危险的默认HTTPS行为”

you might want to install the always_verify_ssl_certificates gem that allow you to set a default value for ca_file.

您可能需要安装always_verify_ssl_certificate gem,它允许您为ca_file设置一个默认值。

#19


4  

This worked for me. If you using rvm and brew:

这为我工作。如果你使用rvm和brew:

rvm remove 1.9.3
brew install openssl
rvm install 1.9.3 --with-openssl-dir=`brew --prefix openssl`

#20


4  

I ran into this issue and the suggested fix of rvm osx-ssl-certs update all did not work despite that I am an RVM user on OSX.

我遇到了这个问题,尽管我是OSX的rvm用户,但rvm OSX -ssl-certs更新的建议修复程序都没有工作。

The fix that worked for me was re-installing the latest version of openssl:

为我工作的修复程序正在重新安装openssl的最新版本:

brew update
brew remove openssl
brew install openssl

#21


4  

I fixed this problem by running this in terminal. Full writeup is available over here

我在终端上运行这个问题解决了这个问题。全写在这里。

rvm install 2.2.0 --disable-binary

#22


3  

OSX solution:

OSX的解决方案:

install latest rvm stable version

安装最新的rvm稳定版本。

rvm get stable

use rvm command to solve the certificates automatically

使用rvm命令自动解决证书。

rvm osx-ssl-certs update all

#23


2  

Here's what I did that helped if you are specifically having a problem on Leopard.

这是我所做的,如果你在Leopard上有问题的话。

My cert was old and needed to be updated. I downloaded this:

我的证书旧了,需要更新。我下载:

http://curl.haxx.se/ca/cacert.pem

http://curl.haxx.se/ca/cacert.pem

Then replaced my cert which was found here on Leopard:

然后,在豹身上找到了我的证书。

/usr/share/curl/curl-ca-bundle.crt

Reload whatever you have that's accessing it and you should be good to go!

重新加载任何你拥有的访问它,你应该是好的去!

#24


2  

Just because instructions were a slight bit different for what worked for me, I thought I add my 2 cents:

只是因为指导对我来说有点不同,我想我加了2分:

I'm on OS X Lion and using macports and rvm

我在OS X Lion上使用macports和rvm。

I installed curl-ca-bundle:

我安装了curl-ca-bundle:

sudo port install curl-ca-bundle

Then I adjusted my omniauth config to be this:

然后我调整了我的omniauth配置:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, APP_CONFIG['CONSUMER_KEY'], APP_CONFIG['CONSUMER_SECRET'],
           :scope => 'https://www.google.com/m8/feeds https://www.googleapis.com/auth/userinfo.profile',
           :ssl => {:ca_path => "/share/curl/curl-ca-bundle.crt"}
end

#25


2  

If you have a symbolic link in the /usr/local/etc/openssl pointing to cert.pem try to do this:

如果您在/usr/local/etc/openssl中有一个符号链接指向cert.pem,请尝试这样做:

ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE" (should be /usr/local/etc/openssl)
cd /usr/local/etc/openssl
wget http://curl.haxx.se/ca/cacert.pem
ln -s cacert.pem 77ee3751.0 (77ee3751.0 is my symbolic link, should depend on the openssl version)

#26


2  

If you are running your rails app locally then just add this line at the bottom of application.rb.

如果您在本地运行rails应用程序,那么只需将这条线添加到application.rb的底部。

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

After this you can use the app without any issues. You may call it a hack but it is not recommended. Use only when you need to run locally

之后你就可以不用任何问题就可以使用这个应用了。你可以称它为hack,但不推荐它。仅当您需要在本地运行时才使用。

#27


1  

I had trouble for a number of days and was hacking around. This link proved out to be extremely helpful for me. It helped me to do a successful upgrade of the SSL on MAC OS X 9.

我有好几天都遇到了麻烦,而且还在到处乱跑。这个链接对我来说是非常有帮助的。它帮助我在MAC OS X 9上成功地升级了SSL。

#28


1  

Adding gem 'certified', '~> 1.0' to my Gemfile and running bundle solved this issue for me.

添加gem“认证”,“~> 1.0”到我的Gemfile和运行包,为我解决了这个问题。

#29


1  

Just run the certified-update executable and this command will make sure that all your certificates are up-to-date.

只需运行验证更新可执行文件,此命令将确保所有证书都是最新的。

This worked for my Ruby on Rails application in Windows.

这对我在Windows中的Ruby on Rails应用程序起了作用。

#30


1  

I had to reinstall Ruby. This should solve it if you are using Ubuntu & rbenv:

我必须重新安装Ruby。如果你使用Ubuntu和rbenv,这应该能解决问题:

rbenv uninstall your_version

# install dependencies
sudo apt-get install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev

# install ruby with patch
curl -fsSL https://gist.github.com/mislav/055441129184a1512bb5.txt | \
  rbenv install --patch your_version

For more information, check out the rbenv Wiki on the matter.

要了解更多信息,请查看rbenv Wiki。