'SSL verification error when installing cocoapods

What I did sudo gem install cocoapods

This is the full message from terminal

ERROR:  You must add /C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2 to your local trusted store
ERROR:  Could not find a valid gem 'cocoapods' (>= 0), here is why:
          Unable to download data from https://rubygems.org/ - hostname "rubygems.org" does not match the server certificate (https://rubygems.org/specs.4.8.gz)
ERROR:  SSL verification error at depth 0: unable to get local issuer certificate (20)

I have no experience with SSL but I followed a couple of question similar to mine but no luck

What I've tried:

  • Download and install the new SHA256 intermediate certificate
  • Change hostname from https to http
  • Follow this guide but couldn't copy GlobalSignRootCA.pem to ruby folder
  • Use HomeBrew but got another error while installing it
rubysslcocoapods


Solution 1:[1]

MichaelHuelsen has the correct answer. Here I will give my step-by-step instructions that worked for me but overwrites the pem file with a large one, so beware if this has sensitive info you might want to not destroy.

  1. ID the cert file.
$ ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE'
"/etc/pki/tls/cert.pem"

Tells me where my cert file is.

  1. Backup the cert file
cp /etc/pki/tls/cert.pem /tmp/cert.pem.bak
  1. Copy down a full cert file via curl

See: https://curl.se/docs/caextract.html

curl --remote-name --time-cond cacert.pem https://curl.se/ca/cacert.pem
  1. Move the new cacert.pem file to replace the old one
mv cacert.pem /etc/pki/tls/cert.pem

I then ran gem update --system to update things, but you may just be ok running your original gem command.

Solution 2:[2]

To Solve the issue

download from https://rubygems.org/pages/download (ZIP for windows)

Unpack into a directory and cd there Install with: ruby setup.rb (you may need admin/root privilege)

it solved for me

Solution 3:[3]

I also recommend to read the error message carefully. Often, the default root CAs in the Ruby certificate store are (of course) missing important certificates in the certificate chain. For example, if you are behing a (corporate) proxy .

Since Ruby relies on openssl, you need to find out where your cert file is located.

ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE'

It outputs the file that ruby and gem are using, in my case under Windows 10 with Ruby 3.0, it looked similar to this:

"C:/Your_Local_Ruby_Install_Path/Ruby30-x64/ssl/cert.pem"

The cert.pem is a plain text file with certificate information. You need to download the provide the missing certificate and add it to the cert.pem file.

Afterwards you can use gem install your_package without SSL issues with respect to that certificate which was missing earlier.

Solution 4:[4]

Despite the workarounds given, it would be better to dig into the root of the issue. Your system lacks of AlphaSSL intermediate certificate in the trusted CA pools. You need to update the trusted CA root and intermediate certificates on your machine. One of the best sources is curl's constantly updated CA certificate storage being pulled from Firefox. Otherwise, you can import the certs manually.

Solution 5:[5]

On Ubuntu 22.04 I had to follow an amended script written by this dude: https://deanpcmad.com/2022/installing-older-ruby-versions-on-ubuntu-22-04/

@MichaelHuelsen's answer pointed me in the right direction, and revealed to me that the pre-compiled version provided in Dean's install has his home path in it.

So I compiled my own and with some adjustments was able to install older versions of Ruby in Ubuntu 22.04.

This may be a slight tangent on this question but nevertheless hope it helps anyone who finds their way here for the same reason.

My version of the install instructions:

mkdir ~/.openssl
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
tar zxvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
./config --prefix=/home/$USER/.openssl/openssl-1.1.1g --openssldir=/home/$USER/.openssl/openssl-1.1.1g
make
make test
make install
rm -rf ~/.openssl/openssl-1.1.1g/certs
ln -s /etc/ssl/certs ~/.openssl/openssl-1.1.1g/certs
# Ruby 3.0
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 3.0.4
# Ruby 2.7
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 2.7.6
# Ruby 2.6
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 2.6.9
# Ruby 2.5 (No Longer Supported)
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 2.5.9
# Ruby 2.4 (No Longer Supported)
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/home/$USER/.openssl/openssl-1.1.1g rbenv install 2.4.10

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 mpettis
Solution 2 Chatrughan Prasad
Solution 3 MichaelHuelsen
Solution 4 iddqdiddqd
Solution 5 Jonathan

Related Questions

Converting zipfile extracting code from ruby to python

YAML indentation for array in hash

Problem with quantifiers and look-behind

display list of days in a week in Rails using Date::DAYNAMES

How can I format a float to a certain number of decimal and integer digits?

How to retrieve the field name of a ShapeFile feature field?

fix `Missing frozen string literal comment` issue

Does Ruby have a string.startswith("abc") built in method?

Is there any Ruby project for backup?

How can I send mail with rails without a template?

Library not loaded: /opt/local/lib/libssl.1.0.0.dylib (LoadError)

Is it possible to use Factory Girl to update an already instanced factory?

Disable irb autocomplete

Pluralizations and Singularizations (Inflections) for "Media/Medium" in Rails 5

How to set env variables using ASDF in a Rails project