0
Could not verify the SSL certificate for https://rubygems.<domain_removed>.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system
doesn't have the CA certificates needed for verification. For information about OpenSSL
certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and
change 'https' to 'http'.

I got the error above when trying to bundle an existing rails app that uses a pre 2.0 version of rails. When I do ruby --version in the dir I get: ruby 1.9.3p545 (2014-02-24 revision 45159) [x86_64-darwin14.1.0]

I used RVM last night to install ruby-2.2.3 which seems to have meddled with my certificates. How can I undo this or fix the problem?

➜  homedev  rvm install ruby-2.2.3
Warning, new version of rvm available '1.26.11', you are using older version '1.26.10'.
You can disable this warning with:    echo rvm_autoupdate_flag=0 >> ~/.rvmrc
You can enable  auto-update  with:    echo rvm_autoupdate_flag=2 >> ~/.rvmrc
Searching for binary rubies, this might take some time.
Found remote file https://rvm_io.global.ssl.fastly.net/binaries/osx/10.10/x86_64/ruby-2.2.3.tar.bz2
Checking requirements for osx.
Updating certificates in '/usr/local/etc/openssl/cert.pem'.
Requirements installation successful.
ruby-2.2.3 - #configure
ruby-2.2.3 - #download
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 6338k  100 6338k    0     0   250k      0  0:00:25  0:00:25 --:--:--  334k
No checksum for downloaded archive, recording checksum in user configuration.
ruby-2.2.3 - #validate archive
ruby-2.2.3 - #extract
ruby-2.2.3 - #validate binary
ruby-2.2.3 - #setup
ruby-2.2.3 - #gemset created /Users/stevebissett/.rvm/gems/ruby-2.2.3@global
ruby-2.2.3 - #importing gemset /Users/stevebissett/.rvm/gemsets/global.gems.......................-
ruby-2.2.3 - #generating global wrappers........
ruby-2.2.3 - #gemset created /Users/stevebissett/.rvm/gems/ruby-2.2.3
ruby-2.2.3 - #importing gemsetfile /Users/stevebissett/.rvm/gemsets/default.gems evaluated to empty gem list
ruby-2.2.3 - #generating default wrappers........
Updating certificates in '/etc/openssl/cert.pem'.
Steve
  • 2,764
  • 4
  • 27
  • 32

2 Answers2

0

I had a similar SSL validation issue. In my case I was getting an error similar to

~/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The default RVM binaries may be linking to an OpenSSL path which is not the one configured in your system.

I suggest you to remove Ruby 2.2.3 and reinstall it compiling the binaries on your machine so that the proper OpenSSL version is linked.

rvm remove 2.2.3
rvm install 2.2.3 --disable-binary
Simone Carletti
  • 173,507
  • 49
  • 363
  • 364
  • That didn't work unfortunately. I think the problem is that installing 2.2.3 has minced my `cert.pem` file – Steve Dec 16 '15 at 10:43
0

I was able to bundle again after doing the following:

cd /usr/local/etc/openssl/
mv cert.pem cert.pem.old
wget http://curl.haxx.se/ca/cacert.pem
mv cacert.pem cert.pm

This will change your certificates to use this Bundle of CA Root Certificates.

Disclaimer: I am not sure if there are any caveats of using these certificates.

A similar (but not the same) issue can be found here: "Certificate verify failed" OpenSSL error when using Ruby 1.9.3

Community
  • 1
  • 1
Steve
  • 2,764
  • 4
  • 27
  • 32