OpenSSL::SSL::SSLError on Heroku [duplicate]

Answer 1

It sounds like you've got the right openssl configuration in OmniAuth, but perhaps your CA certs path isn't correct?

You can check that on your heroku servers by running:

heroku run bash

... and then running openssl to display the proper path:

$ openssl version -a
OpenSSL 1.0.0e 6 Sep 2011
OPENSSLDIR: "/usr/lib/ssl"

... You should find the ca_certificates.crt file at $OPENSSLDIR/certs/ca-certificates.crt

I would confirm that path an update your code to match.

Answer 2

After some searching here is what I found:

If you’re using Ruby to open connections to an external server over https, eg. the Facebook Graph API, you may run into the following error:

OpenSSL::SSL::SSLError:SSL_connectreturned=1errno=0state=SSLv3readservercertificateB:certificateverifyfailed

This error is due to Ruby not being able to find the certification authority certificates (CA Certs) used to verify the authenticity of secured web servers. The solution is to download the this ca-bundle.crt into your application’s lib/ directory: Then add the following code to config/initializers/fix_ssl.rb:

require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=

    def use_ssl=(flag)
      self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
      self.original_use_ssl = flag
    end
  end
end

This should force ruby to use the CA bundle from your application’s lib/ directory.

Taken from: http://jimneath.org/2011/10/19/ruby-ssl-certificate-verify-failed.html

UPDATE:

You may need to use self.ca_path= instead of self.ca_file= depending on your system.