ubuntu困扰多久的ssl证书过期问题certificate verfiy failed

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

I have Rails API server hosted on Heroku, which makes an asynchronous POST request to a callback url specified in an initial API request by the client.

If you need to get around this (but probably not a good permanent solution, because of the potential security hole) you should be able to turn off the certificate verification by putting this before Bundler.require in your application.rb:

# config/application.rb
require 'openssl'

1.gem install or bundle install 出现
2.your app connect to 3rd-party api
3. your use a gem to connect to payment sites like Paypal


Update CA certificates

The correct solution depends on which code connects to an HTTPS URL. The first thing you can try is to update the root certificates on your machine.

If you’re using Linux, you can use your package manager to update the CA certificates.

sudo apt-get install -y ca-certificates

sudo apt-get update ca-certificates

On RVM on OSX, you can run

rvm osx-ssl-certs update all

If you don’t use RVM, you can extract the certificates from Apple’s Keychain yourself.

cert_file='$( openssl version -d | awk -F''' '{print $2}' )/cert.pem'
mkdir -p '${cert_file%/*}'
security find-certificate -a -p /Library/Keychains/System.keychain > '$cert_file'
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> '$cert_file'

Try setting SSL’s environment variables to the proper location for your distro, e.g.


export SSL_CERT_DIR=/etc/pki/tls/certs
export SSL_CERT_FILE=/etc/pki/tls/cert.pem

export SSL_CERT_DIR=/etc/ssl/certs
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
This worked for me.

阅读量: 81