OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

Tarlen picture Tarlen · Nov 12, 2015 · Viewed 28.1k times · Source

I have Rails API server hosted on Heroku, which makes an asynchronous POST request to a callback url specified in an initial API request by the client.

I have a problem when I try to POST to one of my clients' webapp over SSL.

connection = Faraday::Connection.new('https://subdomain.some_client.com', ssl: { ca_file: '/usr/lib/ssl/certs/ca-certificates.crt' })
connection.get '/test'

The following throws an error:

Faraday::Error::ConnectionFailed: SSL_connect returned=1 errno=0 state=error: certificate verify failed

However, if I post to another server over HTTPS, for example google, it works fine

connection = Faraday::Connection.new('https://www.google.com', ssl: { ca_file: '/usr/lib/ssl/certs/ca-certificates.crt' })
connection.get '/'

Does this mean the fault is on the client's SSL configuration? and if so, how can I assist them in debugging the problem?

UPDATE:

I can cURL POST to the client's webapp without problems, it's only when I do it through ruby's HTTP libraries it fails

Much appreciated Thanks

Answer

rlarcombe picture rlarcombe · Nov 12, 2015

My guess is that there is a problem with the SSL cert for your client's web app. Perhaps there is a certificate that is out of date or invalid. You could try this answer.

If you need to get around this (but probably not a good permanent solution, because of the potential security hole) you should be able to turn off the certificate verification by putting this before Bundler.require in your application.rb:

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE