certificate verify failed

[etcook]

Recently, myself as well as 2 colleagues have been getting this error on deploy:

There was an error notifying Slack.
#<OpenSSL::SSL::SSLError: SSL_connect returned=1 
         errno=0 state=SSLv3 read server certificate B: certificate verify failed>

One is on Windows and two are on Macs. I've gone through the regular round of fixes re: to cert errors to no avail. Thought you might have some insight. Thanks!

[phallstrom]

Strange. I can't think of anything off the top of my head. We deploy a lot (mac & linux) and we haven't seen that.

[masterkain]

it might be a problem with the recent DigiCert certificate issue. https://blog.digicert.com/expired-intermediate-certificate/

A twitter search about that reveals also other resources.

[etcook]

@masterkain Thanks for the link. Unfortunately, at least on this immediate terminal the certificate doesn't seem expired. I am on OSX Yosemite, which I might have blamed but for the fact that we're having problems with Windows workstations as well.

[masterkain]

Can't really say anything about windows, but I suggest looking further into the matter since it's an intermediate certificate that has expired, I'm on 10.10 as well, and the expired certificate (hidden in the keychain view by default) would not go away; only solution for me was to create a new keychain and start fresh.

[etcook]

According to this, it seems my cert is valid. Am I searching for it incorrectly?

[masterkain]

From the menu View => Show Expired Certificates, try that, it should appear right there.

[etcook]

No luck, unfortunately :(

[masterkain]

was worth a try, I got all kind of similar issues due to that expired cert. Best of luck :+1:

[lorncheung]

Same issue as etook. Looked at expiring certs and there was none. On MacOS 10.9.4.

`There was an error notifying Slack.

`

[etcook]

http://stackoverflow.com/questions/19463827/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat

Could this be it? Maybe it's a ruby version issue.

[phallstrom]

Those that are willing, puts this into an initializer somewhere and see if it resolves the issue. I don't like it, but it would at least narrow down the cause. Report success/failure. Would also be curious to know the exact Ruby version.

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

[lorncheung]

FWIW, we finally resolved our issue by following the instructions listed here: http://railsapps.github.io/openssl-certificate-verify-failed.html

Apparently you can use RVM to renew your expired cert:

$ rvm -v
# rvm 1.19.1 (stable)
$ rvm osx-ssl-certs status all
# Certificates for...
$ rvm osx-ssl-certs update all
# Updating certificates...

Good luck!

[etcook]

@phallstrom I added that to my Capfile and it worked without issue.

I tried @lorncheung's solution prior, but it wasn't successful.

I'm using Ruby 2.1.2 (ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0])