Forum: JRuby Issue: Specifing jruby SSL keystore location

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Chason Choate (Guest)
on 2015-05-01 19:44
(Received via mailing list)
Hello everyone,

I've been having some trouble specifying a custom keystore for use with
SSL. I'm creating a local CA and then creating a self-signed cert from
CA. Now I want to be able to start a Jetty server and hit it with jruby.
current issue is I can't seem to get jruby to pick up the local keystore
and trust it. I'm hopeful someone has ran into this issue before or can
walk me through how to fix it. Below is my test case:


* CentOS 6.5
* Java 7
* jruby-complete-1.7.12

*Steps to reproduce:*

* Install this simple jetty server (
* Run the commands to generate the CA and self-signed cert.
* Start the jetty server (should be on 8443)
* Use the following jruby script to contact the jetty server over SSL:

require 'java'
require 'net/https'
host = 'localhost'
path = '/'

puts ' = ' +
puts ' = ' +

https =, 8443)
https.use_ssl = true
https.ssl_timeout = 2
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
response = https.request('/'))
puts response.body

* If everything is working correctly you should see HTML dumped to your
* Otherwise if there are issues verifying the certificates you'll see an
error like: (which is what i'm seeing)

[vagrant@localhost ~]$ java
-D -jar
/path/to/jruby-complete-1.7.12.jar local.rb =
~/jetty-hightide-8.1.8.v20121106/etc/certs/keystore = changeit
OpenSSL::SSL::SSLError: certificate verify failed
   connect at org/jruby/ext/openssl/
   connect at
   timeout at org/jruby/ext/timeout/
   connect at
  do_start at
     start at
   request at
    (root) at local.rb:13
Karol B. (Guest)
on 2015-05-05 11:43
(Received via mailing list)
might be a JRuby-OpenSSL regression ... please try *gem install
jruby-openssl* and make sure the installed gem gets loaded as some of
older 1.7.x releases had issues not allowing to override default gems.
if possible I would upgrade JRuby 1.7.x as well - alternatively wait a
hours and get a freshly baked 1.7.20 :) !


On Fri, May 1, 2015 at 5:43 PM, Chason Choate <
This topic is locked and can not be replied to.