Translations of this page:
- 日本語 (ja)
- English (en)
最近の更新
- 02 Apache2で自己認証ssl [中間証明書の整合性確認]
最近の更新
OpenSSL::SSL::SSLError in RecruitsController#update SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
This also results in “unable to get local issuer certificate”.
openssl s_client -showcerts -host valid-isrgrootx1.letsencrypt.org -port 443 Verification error: unable to get local issuer certificate
Ruby was using /usr/local/ssl/cert.pem.
ssl_path.rb
require 'openssl' p OpenSSL::X509::DEFAULT_CERT_FILE
ruby ssl_path.rb "/usr/local/ssl/cert.pem"
One-liner to execute:
ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE"
However, the target path does not have the root certificate.
# ll /usr/local/ssl/cert.pem ls: cannot access '/usr/local/ssl/cert.pem': No such file or directory
So, we need to create a symlink:
# ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /usr/local/ssl/cert.pem ll /usr/local/ssl/cert.pem lrwxrwxrwx. 1 root root 49 Jan 18 15:13 /usr/local/ssl/cert.pem -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# yum update ca-certificates Last metadata expiration check: 0:29:05 ago on Thu Jan 18 14:57:01 2024. Dependencies resolved. ========================================================================================================================= Package Architecture Version Repository Size ========================================================================================================================= Upgrading: ca-certificates noarch 2023.2.60_v7.0.306-90.1.el9_2 baseos 835 k Transaction Summary Upgrade 1 Package Total download size: 835 k Is this ok [y/N]: y Downloading Packages: [=== ] --- B/s | 0 B --:-- ETA The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'yum clean packages'. Error: Error downloading packages: Curl error (77): Problem with the SSL CA cert (path? access rights?) for https://mirrors.almalinux.org/mirrorlist/9/baseos [error setting certificate file: /etc/pki/tls/certs/ca-bundle.crt]
This can be resolved by running the following command:
# yum --setopt='sslverify=false' update ca-certificates