SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Solution 1:
I ran into a similar problem when trying to use the JQuery generator for Rails 3
I solved it like this:
-
Get the CURL Certificate Authority (CA) bundle. You can do this with:
-
sudo port install curl-ca-bundle[if you are using MacPorts] - or just pull it down directly
wget http://curl.haxx.se/ca/cacert.pem
-
Execute the ruby code that is trying to verify the SSL certification:
SSL_CERT_FILE=/opt/local/etc/certs/cacert.pem rails generate jquery:install. In your case, you want to either set this as an environment variable somewhere the server picks it up or add something likeENV['SSL_CERT_FILE'] = /path/to/your/new/cacert.pemin your environment.rb file.
You can also just install the CA files (I haven't tried this) to the OS -- there are lengthy instructions here -- this should work in a similar fashion, but I have not tried this personally.
Basically, the issue you are hitting is that some web service is responding with a certificate signed against a CA that OpenSSL cannot verify.
Solution 2:
If you're using RVM on OS X, you probably need to run this:
rvm osx-ssl-certs update all
More information here: http://rvm.io/support/fixing-broken-ssl-certificates
And here is the full explanation: https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md
Update
On Ruby 2.2, you may have to reinstall Ruby from source to fix this. Here's how (replace 2.2.3 with your Ruby version):
rvm reinstall 2.2.3 --disable-binary
Credit to https://stackoverflow.com/a/32363597/4353 and Ian Connor.
Solution 3:
Here's how you can fix it on Windows: https://gist.github.com/867550 (created by Fletcher Nichol)
Excerpt:
The Manual Way (Boring)
Download the
cacert.pemfile from http://curl.haxx.se/ca/cacert.pem. Save this file toC:\RailsInstaller\cacert.pem.Now make ruby aware of your certificate authority bundle by setting
SSL_CERT_FILE. To set this in your current command prompt session, type:set SSL_CERT_FILE=C:\RailsInstaller\cacert.pemTo make this a permanent setting, add this in your control panel.