I'm trying to set up a private geminabox server to hold some gems my project is developing. I have the server set up, with passenger nginx running geminabox as a rack app. I am able to bundle install pointing at the server without using SSL.
Since naked HTTP traffic is never ideal, I want to add SSL as well. To get a proof of concept working, I added an SSL cert and verified I could still see the geminabox front end with gem I have installed.
When I go back to my ruby project, I run a bundle install and get:
Could not verify the SSL certificate for https://********.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Following the link the error message gave me, I decided to start by adding ~/.gemrc with the contents:
:ssl_verify_mode: 0
(not ideal, and not the permanent solution). Now I get:
Fetching source index from https://***.com/
Resolving dependencies...
Could not verify the SSL certificate for
https://***.com/quick/Marshal.4.8/sqlite3-1.3.10-x86-mswin32-60.gemspec.rz.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA
certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without
using SSL, edit your Gemfile sources and change 'https' to 'http'.
My question is, how do I correctly set SSL verify to off in bundler? Is there another setting I should use? Thanks for any help you can give...
My system:
Ubuntu 14.04
Ruby 2.1.2
Bundler version 1.8.4
