Attempt #1
I was following this page to fix the OpenSSL Certificate error in my Mac El Capitan.
Though the RVM and certificates are upto date, the certificate error still occurs:
☁ ~ rvm -v
rvm 1.26.11 (master) by Wayne E. Seguin <wayneeseguin@gmail.com>, Michal Papis <mpapis@gmail.com> [https://rvm.io/]
☁ ~ rvm osx-ssl-certs status all
Certificates for /etc/openssl/cert.pem: Up to date.
Certificates for /usr/local/etc/openssl/cert.pem: Up to date.
☁ ~ ruby -e "require 'open-uri'; open 'https://www.google.com'"
/Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/timeout.rb:73:in `timeout'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/net/http.rb:923:in `connect'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/net/http.rb:852:in `start'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/open-uri.rb:318:in `open_http'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/open-uri.rb:736:in `buffer_open'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/open-uri.rb:211:in `block in open_loop'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/open-uri.rb:209:in `catch'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/open-uri.rb:209:in `open_loop'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/open-uri.rb:150:in `open_uri'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/open-uri.rb:716:in `open'
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/open-uri.rb:34:in `open'
from -e:1:in `<main>'
Attempt #2
Following this answer.
Create a new file fix_ssl.rb in your application initializer with:
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
self.ca_path = Rails.root.join('lib/ca-bundle.crt').to_s
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
Download the crt file and place in your lib directory.
Now try the same in rails console:
☁ duggout [master] ⚡ rails c
Loading development environment (Rails 4.2.5)
2.2.3 :001 > require 'open-uri'; open 'https://www.google.com'
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /Users/leninrajrajasekaran/.rvm/rubies/ruby-2.2.3/lib/ruby/2.2.0/net/http.rb:923:in `connect'
OpenSSL
OpenSSL is the one from Homebrew and is latest:
☁ ~ openssl version -a
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
platform: darwin64-x86_64-cc
options: bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: clang -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/etc/openssl"
How do we fix the certificate error?
