I setup a gem repository on a server and am serving it out of HTTPS using a self signed certificate. I then added the certificate to my ruby installation using the instructions from the bundler website. After doing so, I am able to install gems from my repository and from rubygems.org using the "gem" command.
However, when I use bundler, I get the following SSL error:
Could not verify the SSL certificate for https://test.server.com:8808/quick/Marshal.4.8/test_gem-0.1.0.gemspec.rz. There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see [BITLY URL to http://railsapps.github.io/openssl-certificate-verify-failed.html]. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
In the bundler configuration documentation I found the "ssl_ca_cert" configuration item. However, this configuration item seems to replace whatever CAs bundler is originally using so I can't simply set this to my servers certificate. Doing so makes it so bundler reports the same error when trying to download gems from rubygems.org.
The documentation says you can set this to a directory. However, it doesn't look like bundler will traverse down subdirectories looking for CAs. In version of ruby I'm using, it looks like the gem CAs are stored in subdirectories of the "rubygems/ssl_certs" directory therefore setting the ssl_ca_cert option to the "rubygems/ssl_certs" directory doesn't help.
How can I add my certificate to bundler so it can verify my repository site AND be able to download gems from rubygems.org?
FYI, I'm using the following:
- RHEL 7
- MRI 2.5.1
- Bundler 1.16.2
