OpenSSL certificate verify failed on Ruby & Windows

I was just checking a more automated way of cleaning my non-recent Twitter posts when, running the small program, I got hit by an error like:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=...
read server certificate ...: certificate verify failed

If you check around the net, the first solution they say is to add this dangerous line:

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

But, deactivating security is not the best approach, so after some digging I came across a nice post that explains the issues, how to debug the specific problem, and partially how to solve it. As I use Windows, the instructions weren't so complete, but it all sums to:

  • Download a CA certificate bundle, like for example Mozilla's
  • Install the .crt file (I installed it for All Users)
  • Setup the following OpenSSL system variables:
    • SSL_CERT_DIR: Point to where you left the CA bundle
    • SSL_CERT_FILE: Point to the .pem file

Restart your command line, and you should be able to run with SSL peer verification active (as you should).

Posted by Kartones on 2014-09-25

Comments?

Share via: Twitter Linkedin Google+ Facebook