Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad SSL certificate for jRuby for http://rails-assets.org #3847

Closed
lephyrius opened this issue May 4, 2016 · 9 comments
Closed

Bad SSL certificate for jRuby for http://rails-assets.org #3847

lephyrius opened this issue May 4, 2016 · 9 comments
Milestone
Invalid or Duplicate

Comments

@lephyrius
Copy link

Environment

jruby 9.1.0.0 (2.3.0) 2016-05-02 a633c63 Java HotSpot(TM) 64-Bit Server VM 25.92-b14 on 1.8.0_92-b14 +jit [darwin-x86_64]
Installed jRuby with RBenv and ruby-build using homebrew.
Bundler installed.

Expected Behavior

Gemfile

source 'http://rails-assets.org' do
  gem 'rails-assets-select2'
end

Run bundle
Installs the rails assets ruby gem.

Actual Behavior

This error message doesn't apply to jRuby:

Fetching source index from http://rails-assets.org/
Retrying fetcher due to error (2/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for http://rails-assets.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Retrying fetcher due to error (3/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for http://rails-assets.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Retrying fetcher due to error (4/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for http://rails-assets.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Could not verify the SSL certificate for http://rails-assets.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most
likely your system doesn't have the CA certificates needed for verification. For
information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect
without using SSL, edit your Gemfile sources and change 'https' to 'http'.

So this might only be a documentation issue? Or is it a issue with rails assets?
@mkristian
Copy link
Member

see #3764

not sure where the problem is with you, but for me it looks again like the jdk version

@lephyrius
Copy link
Author

@mkristian So the solution is to downgrade to JDK 7?

@kares
Copy link
Member

kares commented May 4, 2016
edited

there has been previous issues with CA certificates on rails-assets.org ... maybe you should look around

@mkristian
Copy link
Member

@lephyrius recently I had a case where someone installed a openjdk8 debian package but the installation came with very old certificates and could not reach https://repo2.apache.org. in your case jdk7 could help, or latest jdk8, etc

@snowdall
Copy link

snowdall commented May 9, 2016

I'm seeing the exact same issue. I've also tried a number of different things myself, but to no avail. Has anyone come up with a solution on this one?

@papricek
Copy link

papricek commented Dec 6, 2016

See tenex/rails-assets#325

@preetpalS
Copy link

@papricek The workaround that they give for using http://insecure.rails-assets.org isn't that great since you are getting your assets over HTTP instead of HTTPS.

@snowdall I had a similar problem with Ruby on Windows (MRI). Try downloading the cacert.pem file from here, putting that file's path in an environment variable named SSL_CERT_FILE (on windows command prompt: SET SSL_CERT_FILE=C:\Rubies\cacert.pem; Linux (bash): SSL_CERT_FILE=/home/user/cacert.pem), and then running bundler (with that SSL_CERT_FILE environment variable available (you should see the path if you run echo %SSL_CERT_FILE% on Windows or if you run echo $SSL_CERT_FILE in Linux)).

@preetpalS
Copy link

preetpalS commented Jan 12, 2017
edited

I believe that this issue is mainly caused by out of date CA certificates. This problem isn't exclusive to JRuby either, so it might not belong on JRuby's issue tracker (see this StackOverFlow issue).

Anyone having this issue might also take a look at this workaround from rvm.io.

@headius
Copy link
Member

headius commented Jan 13, 2017

The JVM tends to use its own certs for verification. There's various ways to update them...not knowing your platform, I'll let you search it up.

If it turns out we're still not working right, we can reopen this issue.

@headius headius closed this as completed Jan 13, 2017
@headius headius added this to the Invalid or Duplicate milestone Jan 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Invalid or Duplicate
Development

No branches or pull requests
7 participants
@headius @papricek @mkristian @kares @snowdall @lephyrius @preetpalS