I use the ruby-saml gem and try to load my IDP's metadata but got this error:
> OneLogin::RubySaml::IdpMetadataParser.new.parse_remote('my IDP federation metadata XML URL')
Traceback (most recent call last):
12: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/bin/irb:23:in `<main>'
11: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/bin/irb:23:in `load'
10: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/gems/2.6.0/gems/irb-1.0.0/exe/irb:11:in `<top (required)>'
9: from (irb):2
8: from /Users/my_name_here/.rvm/gems/ruby-2.6.4/gems/ruby-saml-1.11.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:53:in `parse_remote'
7: from /Users/my_name_here/.rvm/gems/ruby-2.6.4/gems/ruby-saml-1.11.0/lib/onelogin/ruby-saml/idp_metadata_parser.rb:178:in `get_idp_metadata'
6: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/http.rb:1470:in `request'
5: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/http.rb:919:in `start'
4: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/http.rb:930:in `do_start'
3: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/http.rb:996:in `connect'
2: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/protocol.rb:44:in `ssl_socket_connect'
1: from /Users/my_name_here/.rvm/rubies/ruby-2.6.4/lib/ruby/2.6.0/net/protocol.rb:44:in `connect_nonblock'
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate))
What does the above error mean?
I tried to see what certificate I'm using and it seems like to be this:
[13] pry(#<OpenSSL::SSL::SSLContext>)> OpenSSL::X509::DEFAULT_CERT_FILE
=> "/usr/local/etc/openssl@1.1/cert.pem"
[14] pry(#<OpenSSL::SSL::SSLContext>)> OpenSSL::X509::DEFAULT_CERT_DIR
=> "/usr/local/etc/openssl@1.1/certs"
Is there something wrong with my certificate?
Note: I have read SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) but still don't know how to fix my issue. The person use a certificate manually but I assume I don't need to use one because the code should handle the certificate?
