How to set ca-bundle path for OpenSSL in ruby

Question

I am experiencing a problem in ruby, where an SSL cert could not be validated by OpenSSL. I think this is caused by the ca-bundle.pem not being known by the script. Is there a possibility to configure the path of the ca-bundle.pem manually?

score 22 · Accepted Answer · answered Feb 10 '13 at 12:19

OpenSSL uses the SSL_CERT_FILE environment variable. You can set it in your ruby script using something like before the first require which pulls in OpenSSL:

ENV['SSL_CERT_FILE'] = '/path/to/ca-bundle.pem'

or, if you prefer, you can set the SSL_CERT_FILE environment variable in your OS environment, web server configuration etc depending on your situation.

score 8 · Answer 2 · answered Feb 07 '13 at 10:24

8

You can do so by the following:

SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

answered Feb 07 '13 at 10:24

Kumar Akarsh

4,954
2
20
31

Where do I have to put this? fyi I am running Windows – Coxer Feb 07 '13 at 10:26
This is to be put in the ruby code itself.not sure how to do it in a windows system. alternatively you can disable the certificate verification altogether by doing: OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE – Kumar Akarsh Feb 07 '13 at 10:32
2

yeah, i dont like to disable the verification ... due to security issues. Is there a constant, that can be set for the OpenSSL module? OpenSSL::SSL::XX = path ??? – Coxer Feb 07 '13 at 14:08

Ashish Bista · Answer 3 · 2016-05-14T01:48:00.643

0

It's all because SSL_CERT_FILE has a wrong value, the value it has might not exist. So, you have to set its value to your certificate file as ENV['SSL_CERT_FILE]='path/to/ca-bundle.p'. If you are using Rails, you can put it in an initializer. If you want a gem that does everything for you, use https://github.com/stevegraham/certified.

edited May 14 '16 at 01:48

answered May 13 '16 at 19:44

Ashish Bista

4,533
1
18
25

How to set ca-bundle path for OpenSSL in ruby

3 Answers3

Linked