1

I'm working behind an enterprise proxy server, for which I (seemingly) implemented the correct configurations in order to work with my company's own proxy root certificates.

I added the certificates to the .\Ruby26-x64\lib\ruby\site_ruby\2.6.0\rubygems\ssl_certs folder and adapted the .gemrc file with the http_proxy and https_proxy configuration.

Now commands like gem install hirb work like a charm, but when i try to run bundler install or bunler update on a Rails project, it fails with:

Fetching source index from https://rubygems.org/ Resolving dependencies... Could not verify the SSL certificate for https://rubygems.org/quick/Marshal.4.8/puma-4.3.4.gemspec.rz. There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit. ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.

I tried quite some different solutions to no avail, also setting the source to http://rubymine.org is not a feasable solution.

System Specs:

  • Windows 10
  • Ruby with Devkit 2.6.6
  • Rails 6.0.3.2
  • Bundler 1.17.2
  • Yarn 1.22.4

How the hell can I tell bundle to trust my company's self-signed root certs?

DISMISSED SOLUTIONS SO FAR:

  1. Define :ssl_verify_mode: 0 in .gemrc seems to be completely ignored
  2. Define BUNDLE_SSL_CA_CERT and have it pointing to gem's .../ssl_certs/rubygems.org directory containing my CA certs, also has no effect
godsim
  • 181
  • 1
  • 9
  • Does this answer your question? [bundle install fails with SSL certificate verification error](https://stackoverflow.com/questions/10246023/bundle-install-fails-with-ssl-certificate-verification-error) Specifically, you want the answer about `.gemrc` including the line `:ssl_verify_mode: 0` at https://stackoverflow.com/a/10250470/3784008 – anothermh Aug 20 '20 at 16:21
  • Thanks for the suggestion, but I already tried `:ssl_verify_mode: 0`. Bundler just ignores it, and throws the same error. – godsim Aug 21 '20 at 07:21
  • Does https://stackoverflow.com/q/3877055/3784008 help? – anothermh Aug 21 '20 at 16:06
  • No. The problem is with the SSL verification, proxy addresses seem to be picked up correctly, otherwise, I wouldn't be able to reach `rubygems.org` at all and the error would be different, specifically I would get timeout warnings, etc... – godsim Aug 25 '20 at 18:12

0 Answers0