"Certificate verify failed" while using http://rubygems.org instead of https

Question

I used to get a certificate verification error when I used the https:/rubygems.org.

A workaround was suggested: remove the "s" (so I end up using http instead of https). It worked for some time but today after starting a new rails application rails new 'filename' I got the same certificate validation error:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/mime-types-data-3.2016.0521.gem) An error occurred while installing mime-types-data (3.2016.0521), and Bundler cannot continue. Make sure that gem install mime-types-data -v '3.2016.0521' succeeds before bundling.

I typed gem sources only to find that https://rubygems.org doesn't even exist.

    $ gem sources
*** CURRENT SOURCES ***

http://rubygems.org

I go to the gemfile and I find

source 'https://rubygems.org'

What could be the problem?

Answer 1

Be sure to update the certificate, http://guides.rubygems.org/ssl-certificate-update/

Then look for default cert file

ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE'

that outputs "/usr/local/etc/openssl/cert.pem"

And then renamed, that will use the new certificate you downloaded

mv /usr/local/etc/openssl/cert.pem /usr/local/etc/openssl/cert.pem.old

Answer 2

If anyone is still seeing this issue on Ubuntu 20.04 with ARMV7, ensure:

• ca-certificates is installed
• run update-ca-certificates at least once after updating OS packages

You may additionally need to install the GlobalSign certificate prior to running update-ca-certificates:

curl -sL -o /usr/local/share/ca-certificates/GlobalSignRootCA_R3.crt https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem

This appeared to fix the issue for me.