"certificate verify failed" in Ruby controller

Question

I am a newbie and I try to create an app to list the boat renter company and to allow users to give reviews on them. First of all, I want to allow users to create Renters. I used omniauth for Facebook connect. It works on production but not on localhost.

When I try to add a renter, after the submit button on the renter view, I have the error :

Started POST "/renters" for ::1 at 2016-02-10 11:20:00 +0100
Processing by RentersController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"xxx...xxx", "renter"=>{"name"=>"bastia", "address"=>"bastia", "latitude"=>"", "longitude"=>"", "website"=>"", "email"=>"", "phone"=>"", "user_id"=>""}, "commit"=>"Valider"}
(0.3ms)  BEGIN
(0.4ms)  ROLLBACK
Completed 500 Internal Server Error in 34ms (ActiveRecord: 0.7ms)

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
  app/controllers/renters_controller.rb:44:in `create'

Here it is the renters_controller.rb

class RentersController < ApplicationController
  before_action :set_renter, only: [:show, :edit, :update, :destroy]

  def create
    @renter = Renter.new(renter_params)

    if @renter.save
      gflash notice: "Le loueur a bien été enregistré"
      redirect_to '/'
    else
      gflash :now, notice: "Une erreur est survenue."
      render :new
    end
  end

  def renter_params
    params.require(:renter).permit(:name, :address, :website, :email, :phone, :review, :latitude, :longitude, :user_id)
  end

end

and the model renter.rb

class Renter < ActiveRecord::Base
  geocoded_by :address
  after_validation :geocode
  reverse_geocoded_by :latitude, :longitude
  after_validation :reverse_geocode  # auto-fetch address
end

Can someone help me?

Answer 1

To make Facebook connect work in a development environment, you must first create a test app in your Facebook Developers account:

• Go to your app https://developers.facebook.com/apps/[your-id]
• Click on Test Apps
• Create a new one

Settings: - App domains: localhost - Site url: http://localhost:3000/

Then enter in your app the app id and the app secret (in your application.yml if you use Figaro), like this:

application.yml

development:
    OAUTH_FACEBOOK_ID: 'facebook-id'
    OAUTH_FACEBOOK_SECRET: 'facebook-secret' 

Then you can use it in your devise.rb

devise.rb

config.omniauth :facebook, ENV['OAUTH_FACEBOOK_ID'], ENV['OAUTH_FACEBOOK_SECRET'], 
scope: 'public_profile', image_size: {height: 1600}, info_fields: 'name, id, first_name, 
last_name, gender, hometown, cover, email, link' # list of permissions

Answer 2

It works on production but not on localhost...

When developing on localhost, you can model the public gear by creating a CA, creating a CSR for the localhost, and then having your CA sign the CSR. Finally, you use you certificate with your dev web server, and you install your CA in your local trust store.

Becoming your own CA means things will "just work" in browsers and other user agents. If you try the self-signed certificate route (discussed below), then you will be OK with most user agents, but browsers will be a pain point.

For information on becoming your own CA and issuing certificates for your developer workstation, see How do you sign Certificate Signing Request with your Certification Authority?

---

You might also be able to create a self signed certificate to avoid the CA and CSR stuff. In this case, you would tell Ruby to trust the self signed certificate for localhost instead of the CA.

You should be OK with most user agents, but browsers will be a pain point because they have moved against self-signed certificates.

For creating self signed certificates, see How to create a self-signed certificate with openssl? and How can I generate a self-signed certificate with SubjectAltName using OpenSSL?

---

You should not do this: :use_https => false.