SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Question

I am using Authlogic-Connect for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws except

Answer 1

While knowing it's rather a lame solution, I'm still sharing this because it seems like very few people answering here use Windows, and I think some of Windows users (me included) would appreciate a simple and intuitive approach.

require 'openssl'
puts OpenSSL::X509::DEFAULT_CERT_FILE

That tells where your openssl is looking for the cert file. My name is not Luis, but mine was C:/Users/Luis/Code/luislavena/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0l/ssl/cert.pem. The path may be different depending on each own environments (e.g. openknapsack instead of luislavena).

The path didn't change even after set SSL_CERT_FILE=C:\foo\bar\baz\cert.pem via the console, so... I created the directory C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\x86-windows\openssl\1.0.0l\ssl in my local disk and put a cert file into it.

Lame as it is, this will surely work.

Answer 2

A one liner fixes it for Windows in an Admin prompt

choco install wget (first see chocolatey.org)

wget http://curl.haxx.se/ca/cacert.pem -O C:\cacert.pem && setx /M SSL_CERT_FILE "C:\cacert.pem"

Or just do this:

gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/

Milanio's method:

gem sources -r https://rubygems.org
gem sources -a http://rubygems.org 
gem update --system
gem sources -r http://rubygems.org
gem sources -a https://rubygems.org

gem install [NAME_OF_GEM]

Answer 3

OS X 10.8.x with Homebrew:

brew install curl-ca-bundle
brew list curl-ca-bundle
cp /usr/local/Cellar/curl-ca-bundle/1.87/share/ca-bundle.crt /usr/local/etc/openssl/cert.pem

Answer 4

If you have a symbolic link in the /usr/local/etc/openssl pointing to cert.pem try to do this:

ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE" (should be /usr/local/etc/openssl)
cd /usr/local/etc/openssl
wget http://curl.haxx.se/ca/cacert.pem
ln -s cacert.pem 77ee3751.0 (77ee3751.0 is my symbolic link, should depend on the openssl version)

Answer 5

What worked for me is a combination of answers, namely:

# Reinstall OpenSSL
brew update
brew remove openssl
brew install openssl
# Download CURL CA bundle
cd /usr/local/etc/openssl/certs
wget http://curl.haxx.se/ca/cacert.pem
/usr/local/opt/openssl/bin/c_rehash
# Reinstall Ruby from source
rvm reinstall 2.2.3 --disable-binary

Answer 6

Here's another option for debugging purposes.

Be sure never to use this in any production environment, as it will negate benefits of using SSL in the first place. It is only ever valid to do this in your local development environment.

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE