What I have found is that those blog posts and stackoverflow answers led me to the wrong direction. The problem is neither Ruby's false nor you misconfigured it. Instead, missing intermediate CA certificate is the cause of the problem.
To verify that you are having the same cause of problem that I had, try running these command and compare the results
$ ruby -rnet/http -e "puts Net::HTTP.get(URI('https://github.com'))"
$ ruby -rnet/http -e "puts Net::HTTP.get(URI('https://your_webserver'))"If you get back proper result for the first command and get the same error for the second command. That's the same problem I had. If you get errors on both commands, this post won't help solving you problem.
What's happening is that Ruby doesn't have a certificate of the intermediate CA that is used to issue certificate of the server you are requesting to
Compare Certificate chain section of the result of these 2 commands
$ openssl s_client -connect github.com:443
$ openssl s_client -connect your_webserver.com:443In github's server case, you will get 0 and 1. On the other hand, in your web server case, you probably get only 0. SSL certificate chains section of this nginx documentation page has a good explanation of the chain.
If you own that web server or has an access to it, go fix that and your ssl issue should be resolved. For nginx web server, the fix is described in the previous link.
Good luck.
No comments:
Post a Comment