软件包安装失败，并显示SSL证书验证错误

Question

When I run bundle install for my Rails 3 project on Centos 5.5 it fails with an error:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 
read server certificate B: certificate verify failed 
(https://bb-m.rubygems.org/gems/multi_json-1.3.2.gem)
An error occured while installing multi_json (1.3.2), and Bundler cannot continue.
Make sure that `gem install multi_json -v '1.3.2'` succeeds before bundling.

When I try to install the gem manually (by gem install multi_json -v '1.3.2' ) it works. The same problem occurs with several other gems. I use RVM (1.12.3), ruby 1.9.2, bundler 1.1.3.

How to fix it?

Answer 1

Update

Now that I've karma wh..err mined enough from this answer everyone should know that this should have been fixed.

re: via Ownatik again bundle install fails with SSL certificate verification error

gem update --system

My answer is still correct and left below for reference if that ends up not working for you.

---

Honestly the best temporary solution is to

[...] use the non-ssl version of rubygems in your gemfile as a temporary workaround.

via user Ownatik

what they mean is at the top of the Gemfile in your rails application directory change

source 'https://rubygems.org'

to

source 'http://rubygems.org'

note that the second version is http instead of http s

Answer 2

Replace the ssl gem source with non-ssl as a temp solution:

• gem sources -r https://rubygems.org/
• gem sources -a http://rubygems.org/

Answer 3

The reason is old rubygems. You need to update system part using non ssl source first:

gem update --system --source http://rubygems.org/ (temporarily updating system part using non-ssl connection).

Now you're ready to use gem update .

Answer 4

如果您使用的是Mac，并且使用的是RVM的最新版本（〜1.20），则以下命令对我有用。

rvm osx-ssl-certs update

Answer 5

This issue should now be fixed. Update rubygems ( gem update --system ), make sure openssl is at the latest version on your OS, or try these tips of it's still not working: http://railsapps.github.com/openssl-certificate-verify-failed.html

Answer 6

Temporary solution (as alluded to by Ownatik):

Create or modify a file called .gemrc in your home path, including the line :ssl_verify_mode: 0

This will prevent bundler from checking the SSL certificates of gems when it attempts to install them.

For *nix devices, 'home path' means ~/.gemrc . You can also create /etc/gemrc if you prefer. For Windows XP, 'home path' means c:\\Documents and Settings\\All Users\\Application Data\\gemrc . For Windows 7, C:\\ProgramData\\gemrc

Answer 7

On windows7 you can download the cacert.pem file from here and set the environementvariable SSL_CERT_FILE to the path where you store the certificate eg

SET SSL_CERT_FILE="C:\users\<username>\cacert.pem"

or you can set the variable in your script like this ENV['SSL_CERT_FILE']="C:/users/<username>/cacert.pem"

Replace <username> with you own username.

Answer 8

The real solution to this problem, if you are using RVM:

1. Update rubygems: gem update --system
2. Use RVM to refresh SSL certs: rvm osx-ssl-certs update all

Hat tip to this tip on the RailsApps project !

Answer 9

For those of you that have ruby installed through RVM and want a quick fix (preferring not to read per Bruno's request) just try this:

rvm remove 1.9.x (or whatever version of ruby you are using)
rvm pkg install openssl
rvm install 1.9.2 --with-openssl-dir=$rvm_path/usr

For a more details, here is the link where I found the solution.

http://railsapps.github.com/openssl-certificate-verify-failed.html

BTW, I didn't have to touch my certificates on Ubuntu.

Best of all, this isn't a workaround. It will download gems through SSL and fail if there if there is a problem like a man in the middle attack which is much better than just turning off security.

Answer 10

You can download a list of CA certificates from curl's website at http://curl.haxx.se/ca/cacert.pem

Then set the SSL_CERT_FILE environment variable to tell Ruby to use it. For example, in Linux:

$ SSL_CERT_FILE=~/cacert.pem bundle install

(Reference: https://gist.github.com/fnichol/867550 )

Answer 11

This has been fixed

http://guides.rubygems.org/ssl-certificate-update/

Now that RubyGems 2.6.x has been released, you can manually update to this version.

Download https://rubygems.org/downloads/rubygems-update-2.6.7.gem

Please download the file in a directory that you can later point to (eg. the root of your harddrive C:)

Now, using your Command Prompt:

C:\>gem install --local C:\rubygems-update-2.6.7.gem
C:\>update_rubygems --no-ri --no-rdoc

After this, gem --version should report the new update version.

You can now safely uninstall rubygems-update gem:

C:\>gem uninstall rubygems-update -x

Answer 12

Simple copy paste instruction given here about .pem file

https://gist.github.com/luislavena/f064211759ee0f806c88

For certificate verification failed

If you've read the previous sections, you will know what this means (and shame > on you if you have not).

We need to download AddTrustExternalCARoot-2048.pem . Open a Command Prompt and type in:

C:>gem which rubygems C:/Ruby21/lib/ruby/2.1.0/rubygems.rb Now, let's locate that directory. From within the same window, enter the path part up to the file extension, but using backslashes instead:

C:>start C:\\Ruby21\\lib\\ruby\\2.1.0\\rubygems This will open a Explorer window inside the directory we indicated.

Step 3: Copy new trust certificate

Now, locate ssl_certs directory and copy the .pem file we obtained from previous step inside.

It will be listed with other files like GeoTrustGlobalCA.pem.

Answer 13

same problem but with different gem here:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 
read server certificate B: certificate verify failed 
(https://bb-m.rubygems.org/gems/builder-3.0.0.gem)
An error occured while installing builder (3.0.0), and Bundler cannot continue.
Make sure that `gem install builder -v '3.0.0'` succeeds before bundling.

temporarily solution: gem install builder -v '3.0.0' makes it possible to continue bundle install

Answer 14

The simplest solution:

rvm pkg install openssl
rvm reinstall all --force

Voila!

Answer 15

This is How you fix this problem on Windows:

download .perm file then set the SSL_CERT_FILE in command prompt

https://gist.github.com/fnichol/867550

Answer 16

I get a slightly different error, though perhaps related, on Ubuntu 12.04:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert handshake failure (https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem)
An error occured while installing activesupport (3.2.3), and Bundler cannot continue.
Make sure that `gem install activesupport -v '3.2.3'` succeeds before bundling.

It happens when I run bundle install with source 'https://rubygems.org' in a Gemfile.

This is an issue with OpenSSL on Ubuntu 12.04. See Rubygems issue #319 .

To fix this, run apt-get update && apt-get upgrade on Ubuntu 12.04 to upgrade your OpenSSL.

Answer 17

I was able to track this down to the fact that the binaries that rvm downloads do not play nice with OS X's OpenSSL, which is old and is no longer used by the OS.

The solution for me was to force compilation when installing Ruby via rvm :

rvm reinstall --disable-binary 2.2

Answer 18

My permanent fix for Windows:

1. Download the CACert , save as C:\\ruby\\ssl_certs\\GlobalSignRootCA.pem from http://guides.rubygems.org/ssl-certificate-update/

2. Create system variable named " SSL_CERT_FILE ", set to C:\\ruby\\ssl_certs\\GlobalSignRootCA.pem .

3. Try again: gem install bundler :

 C:\\gem sources *** CURRENT SOURCES *** https://rubygems.org/ C:\\gem install bundler Fetching: bundler-1.13.5.gem (100%) Successfully installed bundler-1.13.5 1 gem installed 

Answer 19

Thx to @Alexander.Iljushkin for:

gem update --system --source http://rubygems.org/

After that bundler still failed and the solution to that was:

gem install bundler

Answer 20

I was getting a similar error. Here is how I solved this: In your path directory, check for Gemfile. Edit the source in the gemfile to http instead of https and save it. This might install the bundler without the SSL certificate issue.l

Answer 21

For Windows machine, check your gem version with

gem --version

Then update your gem as follow:

• Running 1.8.x: download 1.8.30
• Running 2.0.x: download 2.0.15
• Running 2.2.x: download 2.2.3

Please download the file in a directory that you can later point to (eg. the root of your hard drive C:)

Now, using your Command Prompt:

C:\>gem install --local C:\rubygems-update-1.8.30.gem
C:\>update_rubygems --no-ri --no-rdoc

Now, bundle install will success without SSL certificate verification error.

More detailed instruction is here

Answer 22

This worked for me:

• download latest gem at https://rubygems.org/pages/download
• install the gem with gem install --local [path to downloaded gem file]
• update the gems with update_rubygems
• check that you're on the latest gem version with gem --version

Answer 23

I had to reinstall openssl:

brew uninstall --force openssl
brew install openssl

Answer 24

I was just recently faced with this issue and followed the steps outlined here . There might be a chance that you are not pointing to the right OpenSSL certificate. After running:

rvm osx-ssl-certs status all
rvm osx-ssl-certs update all

and

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

the bundle complete ran!

Answer 25

Download rubygems-update-2.6.7.gem .

Now, using your Command Prompt:

C:\>gem install --local C:\rubygems-update-2.6.7.gem
C:\>update_rubygems --no-ri --no-rdoc

After this, gem --version should report the new update version.

You can now safely uninstall rubygems-update gem:

C:\>gem uninstall rubygems-update -x
Removing update_rubygems
Successfully uninstalled rubygems-update-2.6.7

Answer 26

To note, if you're grabbing gems from a source which SSL cert is trusted by an internal certificate authority (or you are connecting to an external source through a company web proxy with SSL inspection), point your SSL_CERT_FILE env variable to your certificate chain. This most likely just requires exporting your root certificate from your certificate store (System Keychain on macOS) to an accessible location from your shell ie:

export SSL_CERT_FILE=~/RootCert.pem

Answer 27

If you're using rails-assets

If you were using https://rails-assets.org/ to manage your assets, no answers will help you. Even converting to http won't help.

The simplest fix is using this source instead, http://insecure.rails-assets.org . This has been mentioned in their homepage .

Answer 28

The only thing that worked for me on legacy windows system and ruby 1.9 version is downloading cacert file from http://guides.rubygems.org/ssl-certificate-update/

And then running below command before running bundle install

bundle config --global ssl_ca_cert /path/to/file.pem