'SSL verification error when installing cocoapods
What I did sudo gem install cocoapods
This is the full message from terminal
ERROR: You must add /C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2 to your local trusted store
ERROR: Could not find a valid gem 'cocoapods' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - hostname "rubygems.org" does not match the server certificate (https://rubygems.org/specs.4.8.gz)
ERROR: SSL verification error at depth 0: unable to get local issuer certificate (20)
I have no experience with SSL but I followed a couple of question similar to mine but no luck
What I've tried:
- Download and install the new SHA256 intermediate certificate
- Change hostname from https to http
- Follow this guide but couldn't copy GlobalSignRootCA.pem to ruby folder
- Use HomeBrew but got another error while installing it
Solution 1:[1]
MichaelHuelsen has the correct answer. Here I will give my step-by-step instructions that worked for me but overwrites the pem file with a large one, so beware if this has sensitive info you might want to not destroy.
- ID the cert file.
$ ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE'
"/etc/pki/tls/cert.pem"
Tells me where my cert file is.
- Backup the cert file
cp /etc/pki/tls/cert.pem /tmp/cert.pem.bak
- Copy down a full cert file via curl
See: https://curl.se/docs/caextract.html
curl --remote-name --time-cond cacert.pem https://curl.se/ca/cacert.pem
- Move the new cacert.pem file to replace the old one
mv cacert.pem /etc/pki/tls/cert.pem
I then ran gem update --system
to update things, but you may just be ok running your original gem
command.
Solution 2:[2]
To Solve the issue
download from https://rubygems.org/pages/download (ZIP for windows)
Unpack into a directory and cd there Install with: ruby setup.rb (you may need admin/root privilege)
it solved for me
Solution 3:[3]
I also recommend to read the error message carefully. Often, the default root CAs in the Ruby certificate store are (of course) missing important certificates in the certificate chain. For example, if you are behing a (corporate) proxy .
Since Ruby relies on openssl, you need to find out where your cert file is located.
ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE'
It outputs the file that ruby and gem are using, in my case under Windows 10 with Ruby 3.0, it looked similar to this:
"C:/Your_Local_Ruby_Install_Path/Ruby30-x64/ssl/cert.pem"
The cert.pem is a plain text file with certificate information. You need to download the provide the missing certificate and add it to the cert.pem file.
Afterwards you can use gem install your_package
without SSL issues with respect to that certificate which was missing earlier.
Solution 4:[4]
Despite the workarounds given, it would be better to dig into the root of the issue. Your system lacks of AlphaSSL intermediate certificate in the trusted CA pools. You need to update the trusted CA root and intermediate certificates on your machine. One of the best sources is curl's constantly updated CA certificate storage being pulled from Firefox. Otherwise, you can import the certs manually.
Solution 5:[5]
On Ubuntu 22.04 I had to follow an amended script written by this dude: https://deanpcmad.com/2022/installing-older-ruby-versions-on-ubuntu-22-04/
@MichaelHuelsen's answer pointed me in the right direction, and revealed to me that the pre-compiled version provided in Dean's install has his home path in it.
So I compiled my own and with some adjustments was able to install older versions of Ruby in Ubuntu 22.04.
This may be a slight tangent on this question but nevertheless hope it helps anyone who finds their way here for the same reason.
My version of the install instructions:
mkdir ~/.openssl
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
tar zxvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
./config --prefix=/home/$USER/.openssl/openssl-1.1.1g --openssldir=/home/$USER/.openssl/openssl-1.1.1g
make
make test
make install
rm -rf ~/.openssl/openssl-1.1.1g/certs
ln -s /etc/ssl/certs ~/.openssl/openssl-1.1.1g/certs
# Ruby 3.0
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 3.0.4
# Ruby 2.7
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 2.7.6
# Ruby 2.6
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 2.6.9
# Ruby 2.5 (No Longer Supported)
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 2.5.9
# Ruby 2.4 (No Longer Supported)
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 2.4.10
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | mpettis |
Solution 2 | Chatrughan Prasad |
Solution 3 | MichaelHuelsen |
Solution 4 | iddqdiddqd |
Solution 5 | Jonathan |