How to solve "certificate verify failed" on Windows?
Ruby on-RailsSslRuby on-Rails Problem Overview
I am trying to use signet for OAuth to Google services. And get this error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Following these questions:
- SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
- OmniAuth & Facebook: certificate verify failed
Seems the solution is either to fix ca_path
or to set .VERIFY_NONE
for SSL
The ca_path
fix posted only works on Linux (port install) and the fix for VERIFY_NONE
seems to be for faraday.
Is there a solution for Windows/signet gem?
Ruby on-Rails Solutions
Solution 1 - Ruby on-Rails
Actually the best way I found to solve this in windows for Ruby itself, not just one gem, is to do the following:
-
Download https://curl.haxx.se/ca/cacert.pem into c:\railsinstaller\cacert.pem. Make sure you save it as a .pem file, rather than a text file.
-
Go to your Computer -> Advanced Settings -> Environment Variables
-
Create a new System Variable:
Variable: SSL_CERT_FILE Value: C:\RailsInstaller\cacert.pem
-
Close all your command prompts, including your Rails server command prompt, etc.
-
Start a new ruby irb prompt, and try the following:
$irb>require 'open-uri' $irb>open('https://www.gmail.com')
It should all work now just fine.
Solution 2 - Ruby on-Rails
Solution for Windows, which I cobbled together from a few different answers:
-
Download [https://curl.haxx.se/ca/cacert.pem][1] and put it in YOUR_APP/lib/assets (or wherever)
-
In config/initializers/omniauth.rb: > #config/initializers/omniauth.rb > Rails.application.config.middleware.use OmniAuth::Builder do > provider :facebook, CUSTOMER_KEY, CUSTOMER_SECRET, {client_options: {ssl: {ca_file: Rails.root.join('lib/assets/cacert.pem').to_s}}} > end
-
Obviously, restart your server.
Footnotes:
You might be able to cut out a lot of the unnecessary certificates in the cacert.pem file to reduce the size. If you only need this solution for development, you could save the file outside of your project and do a if Rails.env.development?
provider line with the client_options hash else
provider line without client_options hash end
[1]: https://curl.haxx.se/ca/cacert.pem
Solution 3 - Ruby on-Rails
After too much searching and wasted time, I found a very simple solution to fix this issue in Ruby with Windows.
Two simple steps:
-
In command prompt write:
C:\gem install certified
-
In your
rb
file add:require 'certified'
That's it.
Solution 4 - Ruby on-Rails
yes, I've set the omniouth.rb file in the initializers folder to this:
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:verify => false}}}
and this seems to work fine now. But don't use this for production.
Solution 5 - Ruby on-Rails
Updating the rubygems package management framework solved this issue for me on Windows 7.
https://rubygems.org/pages/download
gem update --system # may need to be administrator or root
Solution 6 - Ruby on-Rails
Using the http:// URL instead of https:// make this easier to you
Change the gem source to http://rubygems.org/ by using the following line of command on your ruby command line
gem sources -a http://rubygems.org/
Solution 7 - Ruby on-Rails
Adding onto DevDude's solution, but using Windows Powershell:
> Download http://curl.haxx.se/ca/cacert.pem into c:\railsinstaller\cacert.pem
At the powershell prompt:
$env:SSL_CERT_FILE = 'c:\RailsInstaller\cacert.pem'
I was then able to run gem update
successfully
Note: you can simply define that environment variable in your profile notepad $profile
Solution 8 - Ruby on-Rails
Go to the rubygems-update download page: https://rubygems.org/gems/rubygems-update
Click on the Download link, and you'll download a file called rubygems-update-2.6.7.gem. At the command line, navigate to the directory you downloaded the .gem file to and type:
gem install rubygems-update-2.6.7.gem
(or whatever the filename was, if a newer version)
Then type:
update_rubygems
You can verify it's updated with:
gem --version
Solution 9 - Ruby on-Rails
I had this error whilst trying to setup rails 5 on a windows machine, turns out I had to update the rubygem version to 2.6.7 and then it worked.
step 1 download rubygem from below
https://rubygems.org/downloads/rubygems-update-2.6.7.gem
step 2 - install by pointing to downloaded rubygems
gem install --local C:\rubygems-update-2.6.7.gem
step 3 - check new version is 2.6.7
gem --version
step 4 - now safely un-install rubygems-update gem
gem uninstall rubygems-update -x
step 5 tried to install rails 5 again
gem install rails --version 5.0.0
worked like a charm!
I got info from: http://guides.rubygems.org/ssl-certificate-update/#installing-using-update-packages
Solution 10 - Ruby on-Rails
I was able to eliminate the PATH or SYSTEM VARIABLE setting mentioned above by importing the certificate as a Trusted Authority.
- Invoke certmgr.msc
- Right-click the Trusted Root Certificate Authority folder.
- Select "All Tasks"
- Select "Import"
- Select All Files in file type dropdown and select the cacert.pem file.
- You should receive a message "Import Successful"
Solution 11 - Ruby on-Rails
I believe the correct answer is to update your gem installer: rubygems-update. The explanation for why this is needed is found at: Ssl Certificate Updates
Solution 12 - Ruby on-Rails
save your cacert.pmp file from https://curl.haxx.se/ca/cacert.pem and then add this file to location yourruby-installation folder\lib\ruby\2.3.0\rubygems\ssl_certs
for example:C:\Ruby23\lib\ruby\2.3.0\rubygems\ssl_certs
Solution 13 - Ruby on-Rails
This helped me: https://coderwall.com/p/ubl6iw/fix-ssl_connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificate-verify-failed-openssl-ssl-sslerror My ruby on rails project is posting data to an api internally, and it cannot verify the internal certificate. These lines helped:
require 'https'
http = Net::HTTP.new('example.com', 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.cert_store = OpenSSL::X509::Store.new
http.cert_store.set_default_paths
http.cert_store.add_file('/path/to/internal.cert.pem')
Hope this can help.
Solution 14 - Ruby on-Rails
I was also facing this issue when I installed older ruby versions. When I installed the latest Ruby version this problem went away. So basically the SSL certificate needed to be updated.
Solution 15 - Ruby on-Rails
For people who are using rails 4.
Add this in devise.rb
require "omniauth-google-oauth2"
config.omniauth :google_oauth2, "CLIENT_ID", "CLIENT_SECRET", { access_type: "offline", approval_prompt: "", :client_options => {:ssl => {:verify => false}} }