Could not find valid gem: certificate verify failed

Question

I'm trying to establish an ssh tunnel to a remote server as described here: SSH from Heroku into remote server with Mysql Db

But I'm hung up just simply trying to download the gems. I added:

# file: Gemfile
...
gem 'net-ssh-gateway', '~> 1.2.0'

but when I do bundle install (or even just gem install net-ssh on the command line), I get:

ERROR:  Could not find a valid gem 'net-ssh' (>= 0), here is why:
        Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/latest_specs.4.8.gz)

As per the README for net-ssh (https://github.com/net-ssh/net-ssh), I checked my OpenSSL bindings for Ruby -- they look okay:

$ ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.1j 15 Oct 2014

I'm not sure if this is related, but when I tried to download the .pem file for a high security download of the gemfile:

$ curl -O https://raw.github.com/net-ssh/net-ssh/master/gem-public_cert.pem

... it didn't download a .pem file, and visiting the URL directly result in 'not found'.

Other info:

$ rake about
About your application's environment
Ruby version              2.1.4-p265 (x86_64-darwin14.0)
RubyGems version          2.2.2
Rack version              1.5
Rails version             4.1.7

So for right now, I'm stuck. Does anyone recognize this problem?

Answer 1

Despite @the Tin Man's helpful answer, my problem was that I didn't have certificates set up in a place that OpenSSL could find them.

Following suggestions(s) in SSL Error When installing rubygems, Unable to pull data from 'https://rubygems.org/:

An inferior workaround

One can work around this by changing the first line of Gemfile from

source 'https://rubygems.org'

to the non-https form:

source 'http://rubygems.org'

and then do the usual bundle install. Afterwards, you should restore the first line of your Gemfile to use the https form. This is generally considered a security risk.

What's more, you haven't really addressed the real problem that you lack valid certificates and you will run into trouble if your application calls uses OpenSSL (e.g. net-ssh).

A better fix

See SSL Error When installing rubygems, Unable to pull data from 'https://rubygems.org/. For OS X users, we ask Ruby to tell us where it's looking for the certificates file, and then use security find-certificate to populate the certificates file:

$ cert_file=$(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE')
$ echo $cert_file
$ security find-certificate -a -p /Library/Keychains/System.keychain > "$cert_file"
$ security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> "$cert_file"

After I did this, I was able to call bundle install without an error.

Answer 2

This helped in my case, when I had a problem with certificate:

gem sources -r https://rubygems.org
gem sources -a http://rubygems.org

gem update --system

gem sources -r http://rubygems.org
gem sources -a https://rubygems.org

Answer 3

hey everyone follow this link so you wont have to manual install everytime.

This says that the problem is from rubygems' change of ssl certasdaasdlashjd blah blah. NVM the link explains it best :p