ubuntu困扰多久的ssl证书过期问题certificate verfiy failed
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
I have Rails API server hosted on Heroku, which makes an asynchronous POST request to a callback url specified in an initial API request by the client.
可以用下面的方式试试,取消证书的verify,然后看看会不会出现问题。
生产环境下,还会要及时将证书更新了。
If you need to get around this (but probably not a good permanent solution, because of the potential security hole) you should be able to turn off the certificate verification by putting this before Bundler.require in your application.rb:
# config/application.rb require 'openssl' OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
三种情况下会出现这个问题
1.gem install or bundle install 出现
2.your app connect to 3rd-party api
3. your use a gem to connect to payment sites like Paypal
解决方案Solutions
Update CA certificates
The correct solution depends on which code connects to an HTTPS URL. The first thing you can try is to update the root certificates on your machine.
If you’re using Linux, you can use your package manager to update the CA certificates.
sudo apt-get install -y ca-certificates sudo apt-get update ca-certificates
On RVM on OSX, you can run
rvm osx-ssl-certs update all
If you don’t use RVM, you can extract the certificates from Apple’s Keychain yourself.
cert_file='$( openssl version -d | awk -F''' '{print $2}' )/cert.pem' mkdir -p '${cert_file%/*}' security find-certificate -a -p /Library/Keychains/System.keychain > '$cert_file' security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> '$cert_file'
Try setting SSL’s environment variables to the proper location for your distro, e.g.
CentOS/RHEL:
export SSL_CERT_DIR=/etc/pki/tls/certs export SSL_CERT_FILE=/etc/pki/tls/cert.pem
Ubuntu/Debian:
export SSL_CERT_DIR=/etc/ssl/certs export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
This worked for me.
阅读量: 81
发布于:
修改于:
发布于:
修改于: