I was just checking a more automated way of cleaning my non-recent Twitter posts when, running the small program, I got hit by an error like:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=...
read server certificate ...: certificate verify failed
If you check around the net, the first solution they say is to add this dangerous line:
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
But, deactivating security is not the best approach, so after some digging I came across a nice post (link is dead) that explains the issues, how to debug the specific problem, and partially how to solve it. As I use Windows, the instructions weren't so complete, but it all sums to:
- Download a CA certificate bundle, like for example Mozilla's
- Install the .crt file (I installed it for All Users)
- Setup the following OpenSSL system variables:
- SSL_CERT_DIR: Point to where you left the CA bundle
- SSL_CERT_FILE: Point to the .pem file
Restart your command line, and you should be able to run with SSL peer verification active (as you should).