SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I am using [Authlogic-Connect][1] for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws exception:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The dev log shows

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
app/controllers/users_controller.rb:37:in `update'
Please suggest..

[1]:

[To see links please register here]

Then, as this blog post suggests,

"[How to Cure Net::HTTP’s Risky Default HTTPS Behavior][1]"

you might want to install the `always_verify_ssl_certificates` gem that allow you to set a default value for `ca_file`.


[1]:

[To see links please register here]

Here's what I did that helped if you are specifically having a problem on Leopard.

My cert was old and needed to be updated. I downloaded this:

[To see links please register here]

Then replaced my cert which was found here on Leopard:

/usr/share/curl/curl-ca-bundle.crt

Reload whatever you have that's accessing it and you should be good to go!

Just because instructions were a slight bit different for what worked for me, I thought I add my 2 cents:

I'm on OS X Lion and using macports and rvm

I installed curl-ca-bundle:

sudo port install curl-ca-bundle

Then I adjusted my omniauth config to be this:

Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, APP_CONFIG['CONSUMER_KEY'], APP_CONFIG['CONSUMER_SECRET'],
:scope => 'https://www.google.com/m8/feeds

[To see links please register here]

',
:ssl => {:ca_path => "/share/curl/curl-ca-bundle.crt"}
end

Well this worked for me

rvm pkg install openssl
rvm reinstall 1.9.2 --with-openssl-dir=$rvm_path/usr


Something is wrong with openssl implementation of my ubuntu 12.04

The issue is that ruby can not find a root certificate to trust. As of 1.9 ruby checks this. You will need to make sure that you have the curl certificate on your system in the form of a pem file. You will also need to make sure that the certificate is in the location that ruby expects it to be. You can get this certificate at...

[To see links please register here]

If your a RVM and OSX user then your certificate file location will vary based on what version of ruby your using. Setting the path explicitly with :ca_path is a BAD idea as your code will not be portable when it gets to production. There for you want to provide ruby with a certificate in the default location(and assume your dev ops guys know what they are doing). You can use dtruss to work out where the system is looking for the certificate file.

In my case the system was looking for the cert file in

/Users/stewart.matheson/.rvm/usr/ssl/cert.pem

however MACOSX system would expect a certificate in

/System/Library/OpenSSL/cert.pem

I copied the downloaded cert to this path and it worked. HTH

The new certified gem is designed to fix this:

[To see links please register here]

This worked for me. If you using rvm and brew:

rvm remove 1.9.3
brew install openssl
rvm install 1.9.3 --with-openssl-dir=`brew --prefix openssl`

OSX solution:

install latest rvm stable version

rvm get stable

use rvm command to solve the certificates automatically

rvm osx-ssl-certs update all

Ruby can't find any root certificates to trust.

Take a look at this blog post for a solution: "[Ruby 1.9 and the SSL error][1]".

[1]:

[To see links please register here]

> The solution is to install the `curl-ca-bundle` port which contains the same root certificates used by Firefox:
>
> sudo port install curl-ca-bundle
>
>and tell your `https` object to use it:
>
> https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
>Note that if you want your code to run on Ubuntu, you need to set the `ca_path` attribute instead, with the default certificates location `/etc/ssl/certs`.