OpenSSL::SSL::SSLError - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Question

I get this error:

OpenSSL::SSL::SSLError

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Rails.application.config.middleware.use OmniAuth::Builder do  
  provider :facebook, 'MY_APPID', 'SECRET', {:scope => 'publish_stream,email', :client_options => {:ssl => {:ca_path => "#{Rails.root}/config/cacert.pem"}}}
end

The action:

def callback
  session['fb_auth'] = request.env['omniauth.auth']
  session['fb_token'] = session['fb_auth']['credentials']['token']
  session['fb_error'] = nil
render :text => request.env['omniauth.auth'].to_yaml  
end

I have been trying some solutions to this problem like:

Rails.application.config.middleware.use OmniAuth::Builder do  
  provider :facebook, 'MY_APPID', 'SECRET', {:scope => 'publish_stream,email', :client_options => {:ssl => {:verify => false}}}
end

and

Rails.application.config.middleware.use OmniAuth::Builder do  
  provider :facebook, 'MY_APPID', 'SECRET', {:scope => 'publish_stream,email', :client_options => {:ssl => {:ca_path => "#{Rails.root}/config/ca-bundle.crt"}}}
end

Where ca-bundle is: http://certifie.com/ca-bundle/ca-bundle.crt.txt

Rails.application.config.middleware.use OmniAuth::Builder do  
  provider :facebook, 'MY_APPID', 'SECRET', {:scope => 'publish_stream,email', :client_options => {:ssl => {:ca_path => "#{Rails.root}/config/cacert.pem"}}}
end

Where cacert.pem is: http://curl.haxx.se/ca/cacert.pem

I am using Windows 7. Does anybody have a solution on this or I am doing something wrong. What is the differens between .pem and .crt?

Answer 1

Ruby cannot find any root certificates.

Here is another option for debugging purposes:

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

Source: https://stackoverflow.com/a/12032944/1047207 (My answer to similar question)

You may want to take a look at this Blog also.