fl8 Wiki

User Tools

Site Tools

You are here: Dokuwiki.fl8.jp » Dokuwiki.fl8.jp » 50_dialy » 2024 » 01 » 2024.01.18 SSL Error in Rails
Trace: 2024.01.18 SSL Error in Rails

Sidebar

Translations of this page:



最近の更新


Tag Cloud

このページへのアクセス
今日: 7 / 昨日: 1
総計: 477

en:50_dialy:2024:01:18

Table of Contents

2024.01.18 SSL Error in Rails

Error

 OpenSSL::SSL::SSLError in RecruitsController#update SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

This also results in “unable to get local issuer certificate”. 


openssl s_client -showcerts -host valid-isrgrootx1.letsencrypt.org -port 443
Verification error: unable to get local issuer certificate

Solution

Path of root certificate used by ruby

Ruby was using /usr/local/ssl/cert.pem.

ssl_path.rb 

require 'openssl'
p OpenSSL::X509::DEFAULT_CERT_FILE

 ruby ssl_path.rb "/usr/local/ssl/cert.pem"

One-liner to execute: 

ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE"

However, the target path does not have the root certificate. 

 # ll /usr/local/ssl/cert.pem ls: cannot access '/usr/local/ssl/cert.pem': No such file or directory

So, we need to create a symlink: 

 # ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /usr/local/ssl/cert.pem
ll /usr/local/ssl/cert.pem
lrwxrwxrwx. 1 root root 49 Jan 18 15:13 /usr/local/ssl/cert.pem -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Unable to update the root certificate.

 # yum update ca-certificates Last metadata expiration check: 0:29:05 ago on Thu Jan 18 14:57:01 2024. Dependencies resolved. ========================================================================================================================= Package Architecture Version Repository Size ========================================================================================================================= Upgrading: ca-certificates noarch 2023.2.60_v7.0.306-90.1.el9_2 baseos 835 k
Transaction Summary
Upgrade  1 Package

Total download size: 835 k
Is this ok [y/N]: y
Downloading Packages:
[===                                     ] ---  B/s |   0  B     --:-- ETA
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: Error downloading packages:
Curl error (77): Problem with the SSL CA cert (path? access rights?) for https://mirrors.almalinux.org/mirrorlist/9/baseos [error setting certificate file: /etc/pki/tls/certs/ca-bundle.crt]

This can be resolved by running the following command: 

 # yum --setopt='sslverify=false' update ca-certificates
, ,
en/50_dialy/2024/01/18.txt · Last modified: 2024/05/10 11:58 by matsui

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki