ubuntu困扰多久的ssl证书过期问题certificate verfiy failed


OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed


I have Rails API server hosted on Heroku, which makes an asynchronous POST request to a callback url specified in an initial API request by the client.
可以用下面的方式试试,取消证书的verify,然后看看会不会出现问题。
生产环境下,还会要及时将证书更新了。

If you need to get around this (but probably not a good permanent solution, because of the potential security hole) you should be able to turn off the certificate verification by putting this before Bundler.require in your application.rb:

# config/application.rb
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE


三种情况下会出现这个问题
1.gem install or bundle install 出现
2.your app connect to 3rd-party api
3. your use a gem to connect to payment sites like Paypal

解决方案Solutions

Update CA certificates

The correct solution depends on which code connects to an HTTPS URL. The first thing you can try is to update the root certificates on your machine.

If you’re using Linux, you can use your package manager to update the CA certificates.

sudo apt-get install -y ca-certificates

sudo apt-get update ca-certificates

On RVM on OSX, you can run

rvm osx-ssl-certs update all

If you don’t use RVM, you can extract the certificates from Apple’s Keychain yourself.

cert_file='$( openssl version -d | awk -F''' '{print $2}' )/cert.pem'
mkdir -p '${cert_file%/*}'
security find-certificate -a -p /Library/Keychains/System.keychain > '$cert_file'
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> '$cert_file'


Try setting SSL’s environment variables to the proper location for your distro, e.g.

CentOS/RHEL:

export SSL_CERT_DIR=/etc/pki/tls/certs
export SSL_CERT_FILE=/etc/pki/tls/cert.pem
Ubuntu/Debian:

export SSL_CERT_DIR=/etc/ssl/certs
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
This worked for me.

阅读量: 81
发布于:
修改于: