I'm using the Faraday gem (https://github.com/lostisland/faraday) to communicate with an external JSON API. I'm using the SSL option because the API requires it:

```ruby
require 'openssl'
require 'faraday'
require 'faraday_middleware' # provides the :json response middleware

# Client certificate and private key presented to the API (mutual TLS)
ssl_crt     = File.read(Jets.root.join('certs', 'test.crt'))
ssl_key     = File.read(Jets.root.join('certs', 'test.key'))
client_cert = OpenSSL::X509::Certificate.new(ssl_crt)
client_key  = OpenSSL::PKey.read(ssl_key)

connection = Faraday.new(
  'https://sandbox-api.com/',
  ssl: {
    client_cert: client_cert,
    client_key: client_key,
    verify: true # verify the server certificate against the trusted CAs
  }
) do |conn|
  conn.response :json, content_type: /\bjson$/
  conn.use Faraday::Response::RaiseError
  conn.adapter Faraday.default_adapter
end

connection.get('/token')
```

Unfortunately, this returns the following error:

```
Traceback (most recent call last):
       16: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/connection.rb:198:in `get'
       15: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/connection.rb:492:in `run_request'
       14: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/rack_builder.rb:153:in `build_response'
       13: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday_middleware-1.0.0/lib/faraday_middleware/response_middleware.rb:36:in `call'
       12: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/response.rb:11:in `call'
       11: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/adapter/net_http.rb:68:in `call'
       10: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/adapter.rb:60:in `connection'
        9: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/adapter/net_http.rb:70:in `block in call'
        8: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/adapter/net_http.rb:128:in `perform_request'
        7: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/adapter/net_http.rb:135:in `request_with_wrapped_block'
        6: from /Users/mateuszurbanski/.gem/ruby/2.5.3/gems/faraday-1.0.1/lib/faraday/adapter/net_http.rb:144:in `request_via_get_method'
        5: from /Users/mateuszurbanski/.rubies/ruby-2.5.3/lib/ruby/2.5.0/net/http.rb:909:in `start'
        4: from /Users/mateuszurbanski/.rubies/ruby-2.5.3/lib/ruby/2.5.0/net/http.rb:920:in `do_start'
        3: from /Users/mateuszurbanski/.rubies/ruby-2.5.3/lib/ruby/2.5.0/net/http.rb:981:in `connect'
        2: from /Users/mateuszurbanski/.rubies/ruby-2.5.3/lib/ruby/2.5.0/net/protocol.rb:44:in `ssl_socket_connect'
        1: from /Users/mateuszurbanski/.rubies/ruby-2.5.3/lib/ruby/2.5.0/net/protocol.rb:44:in `connect_nonblock'
Faraday::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate))
```

Any ideas what I'm doing wrong?

EDIT:

I forgot to add that the same certs work fine in Postman.

Mateusz Urbański
  • https://stackoverflow.com/questions/52640829/ssl-connect-returned-1-errno-0-state-error-certificate-verify-failed-unable-to looks like the same issue - worth trying the solution from there – Mark Jun 19 '20 at 09:10
  • Is it possible that the [Sectigo AddTrust External CA Root Expiring May 30, 2020](https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020) affected your system? – xlembouras Jun 19 '20 at 09:57
  • Postman and Ruby are using different root CA stores. Nothing is known about the site in question, but if it is an internal CA you have to add it as trusted to Ruby too. – Steffen Ullrich Jun 19 '20 at 10:40

1 Answer

First, we need to confirm whether you are using certificates issued by a public CA, a privately issued certificate or a self-signed one, because the error states it's not able to locate the certificate which has signed the leaf certificate.

I suggest first checking whether you have concatenated the server, intermediate and root certificates into one in "test.crt". If the intermediate file or the root file is not concatenated, kindly add it to test.crt by editing test.crt with Notepad++ or any editing tool (please don't use Windows Word). Please open the intermediate file with Notepad++ as well and copy the content. Once copied, paste it under the -----END CERTIFICATE----- line of the test.crt file, and follow the same step for the root certificate as well. Please let us know the output.

Ritesh Jha
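
The error from the question and the trust-store point raised in the comments can be reproduced offline with Ruby's OpenSSL bindings. This is an added example, not code from the question or the answer: the three-tier PKI and every certificate name in it are constructed, and `issue` and `check` are hypothetical helpers.

```ruby
require 'openssl'

# Issue a short-lived certificate; self-signed when no issuer is given.
def issue(subject, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse(subject)
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign,cRLSign', true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Verify `leaf` with only `trusted` in the store. `extra_chain` holds
# intermediates sent with the leaf: they help build the path but are not trusted.
# Returns [error_code, error_string]; the code is V_OK on success.
def check(leaf, trusted:, extra_chain: [])
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, extra_chain)
  ctx.verify
  [ctx.error, ctx.error_string]
end

# Constructed PKI: root -> intermediate -> leaf (all names are made up).
ROOT_KEY, INT_KEY, LEAF_KEY = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
ROOT = issue('/CN=Constructed Root CA', ROOT_KEY, ca: true)
INTERMEDIATE = issue('/CN=Constructed Intermediate CA', INT_KEY,
                     issuer: ROOT, issuer_key: ROOT_KEY, ca: true, serial: 2)
LEAF = issue('/CN=sandbox-api.example', LEAF_KEY,
             issuer: INTERMEDIATE, issuer_key: INT_KEY, serial: 3)

if __FILE__ == $PROGRAM_NAME
  p check(LEAF, trusted: [])                                  # root missing from the store
  p check(LEAF, trusted: [ROOT])                              # intermediate never supplied
  p check(LEAF, trusted: [ROOT], extra_chain: [INTERMEDIATE]) # complete path
end
```

In a Faraday connection, the trusted set corresponds to the `ca_file`, `ca_path` or `cert_store` keys of the `ssl:` hash.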