OpenSSL certificate verify failed

Hi there,

I’m getting a “certificate verify failed” error when attempting to
via SSL to Facebook (I’m using the Omniauth gem to implement external
authentication. I’ve searched high and low for solutions to this issue,
they all seem to lead back to the but that’s already been filed in Jira: The problem is that I can’t
seem to get that workaround to work in my case.

Here’s the situation:

  1. I’m running a Rails 3.0.5 application in Torquebox on Ubuntu
    I’m running JRuby 1.6 final via RVM, and my app is running in 1.8.7
    right now.
  2. I’m using the Omniauth Gem to attempt connection to Facebook.
  3. This gem works just fine if I use the MRI (1.8.7 or 1.9.2).
  4. The test case listed in 5010 in the first comment is reproducible
    my system, and indeed, prepending the SSL_CERT_DIR to the command
    resolve the issue. However, Omniauth isn’t using open-uri either,
    from what
    I can tell, its calling the basic Net::Http code. I’ve posted a stack
  5. However, when I set the environment variable in Torquebox, or at
    global level for the system, or manually set it in my
    config/environments/development.rb (or anywhere else in the global
    configuration, for that matter) I still get the “certificate verify
    error when attempting to connect to Facebook. I’ve verified that I
    access the ENV[‘SSL_CERT_DIR’] variable in Rails when I’ve set it in
    various locations.
  6. If I disable verification of certificates for OpenSSL, this makes
    error go away, but is obviously a gaping security hole.
  7. On my system, the location /usr/lib/ssl/certs (to match
    /usr/bin/openssl path, per the 5010 comments) is symlinked to

Is there anything else I can try to resolve this issue? Is there any
logs I
should be looking for to gather more information? Thanks for any help
anyone can provide! I can move forward with development by disabling
verification, but can’t afford to deploy to production with disabled


Chris C.
Carter Ventures, LLC

I’m running into the sane problem.
I wonder how did u disable the SSL certificate verification?

I added an initializer to Rails with one line in it:


This disables certificate verification, which is a huge security hole.
can probably get away with it during development, but when you deploy to
production you’re opening yourself up to a lot of issues if you talk to
external sites.

I’ve noticed there are a few other issues with OpenSSL on JRuby, so I
need to defer my implementation of projects on that stack for a little
while, until they can finish off 1.9 support, with OpenSSL in

On Thu, Apr 7, 2011 at 1:12 AM, Boris S. [email protected] wrote:


Chris C.
Carter Ventures, LLC

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs