How to solve "certificate verify failed" on Windows?

I am trying to use signet for OAuth to Google services. And get this error:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Following these questions:

• SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
• OmniAuth & Facebook: certificate verify failed

Seems the solution is either to fix ca_path or to set VERIFY_NONE for SSL.

The ca_path fix posted only works on Linux (port install) and the fix for VERIFY_NONE seems to be for faraday.

Is there a solution for Windows/signet gem?

Actually the best way I found to solve this in windows for Ruby itself, not just one gem, is to do the following:

1. Download https://curl.haxx.se/ca/cacert.pem into c:\railsinstaller\cacert.pem. Make sure you save it as a .pem file, rather than a text file.

2. Go to your Computer -> Advanced Settings -> Environment Variables

3. Create a new System Variable:

   Variable: SSL_CERT_FILE Value: C:\RailsInstaller\cacert.pem

4. Close all your command prompts, including your Rails server command prompt, etc.

5. Start a new ruby irb prompt, and try the following:

    $irb>require 'open-uri'
    $irb>open('https://www.gmail.com')
   

It should all work now just fine.

Solution for Windows, which I cobbled together from a few different answers:

1. Download [https://curl.haxx.se/ca/cacert.pem][1] and put it in YOUR_APP/lib/assets (or wherever)

2. In config/initializers/omniauth.rb: > #config/initializers/omniauth.rb > Rails.application.config.middleware.use OmniAuth::Builder do > provider :facebook, CUSTOMER_KEY, CUSTOMER_SECRET, {client_options: {ssl: {ca_file: Rails.root.join('lib/assets/cacert.pem').to_s}}} > end

3. Obviously, restart your server.

Footnotes: You might be able to cut out a lot of the unnecessary certificates in the cacert.pem file to reduce the size. If you only need this solution for development, you could save the file outside of your project and do a if Rails.env.development? provider line with the client_options hash else provider line without client_options hash end [1]: https://curl.haxx.se/ca/cacert.pem

After too much searching and wasted time, I found a very simple solution to fix this issue in Ruby with Windows.

Two simple steps:

1. In command prompt write: C:\gem install certified

2. In your rb file add: require 'certified'

That's it.

yes, I've set the omniouth.rb file in the initializers folder to this:

provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:verify => false}}}

and this seems to work fine now. But don't use this for production.

Updating the rubygems package management framework solved this issue for me on Windows 7.

https://rubygems.org/pages/download

gem update --system          # may need to be administrator or root

Using the http:// URL instead of https:// make this easier to you

Change the gem source to http://rubygems.org/ by using the following line of command on your ruby command line

gem sources -a http://rubygems.org/

Adding onto DevDude's solution, but using Windows Powershell:

> Download http://curl.haxx.se/ca/cacert.pem into c:\railsinstaller\cacert.pem

At the powershell prompt:

$env:SSL_CERT_FILE = 'c:\RailsInstaller\cacert.pem'

I was then able to run gem update successfully

Note: you can simply define that environment variable in your profile notepad $profile

Go to the rubygems-update download page: https://rubygems.org/gems/rubygems-update

Click on the Download link, and you'll download a file called rubygems-update-2.6.7.gem. At the command line, navigate to the directory you downloaded the .gem file to and type:

gem install rubygems-update-2.6.7.gem

(or whatever the filename was, if a newer version)

Then type:

update_rubygems

You can verify it's updated with:

gem --version

I had this error whilst trying to setup rails 5 on a windows machine, turns out I had to update the rubygem version to 2.6.7 and then it worked.

step 1 download rubygem from below

https://rubygems.org/downloads/rubygems-update-2.6.7.gem

step 2 - install by pointing to downloaded rubygems

gem install --local C:\rubygems-update-2.6.7.gem

step 3 - check new version is 2.6.7

gem --version

step 4 - now safely un-install rubygems-update gem

gem uninstall rubygems-update -x

step 5 tried to install rails 5 again

gem install rails --version 5.0.0

worked like a charm!

I got info from: http://guides.rubygems.org/ssl-certificate-update/#installing-using-update-packages

I was able to eliminate the PATH or SYSTEM VARIABLE setting mentioned above by importing the certificate as a Trusted Authority.

1. Invoke certmgr.msc
2. Right-click the Trusted Root Certificate Authority folder.
3. Select "All Tasks"
4. Select "Import"
5. Select All Files in file type dropdown and select the cacert.pem file.
6. You should receive a message "Import Successful"

I believe the correct answer is to update your gem installer: rubygems-update. The explanation for why this is needed is found at: Ssl Certificate Updates

save your cacert.pmp file from https://curl.haxx.se/ca/cacert.pem and then add this file to location yourruby-installation folder\lib\ruby\2.3.0\rubygems\ssl_certs

for example:C:\Ruby23\lib\ruby\2.3.0\rubygems\ssl_certs

This helped me: https://coderwall.com/p/ubl6iw/fix-ssl_connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificate-verify-failed-openssl-ssl-sslerror My ruby on rails project is posting data to an api internally, and it cannot verify the internal certificate. These lines helped:

require 'https'

http = Net::HTTP.new('example.com', 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

http.cert_store = OpenSSL::X509::Store.new
http.cert_store.set_default_paths
http.cert_store.add_file('/path/to/internal.cert.pem')

Hope this can help.

I was also facing this issue when I installed older ruby versions. When I installed the latest Ruby version this problem went away. So basically the SSL certificate needed to be updated.

For people who are using rails 4.

Add this in devise.rb

require "omniauth-google-oauth2"
config.omniauth :google_oauth2, "CLIENT_ID", "CLIENT_SECRET", { access_type: "offline", approval_prompt: "", :client_options => {:ssl => {:verify => false}} }