rest-client: RestClient::SSLCertificateNotVerified certificate verify failed, How can we bypass

After install rest-client on CentOs 6.4 VM:

$restclient /home/kahmed/qa/RESTtestframework/rest-client/rest-client.gemspec:14: warning: Insecure world writable dir /usr/local/rvm/gems/ruby-2.1.1/bin in PATH, mode 042777 2.1.1 :001 > RestClient.get ‘https://vm-kahmed.his.vm/administrator’ RestClient::SSLCertificateNotVerified: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: from /home/kahmed/qa/RESTtestframework/rest-client/lib/restclient/request.rb:440:in rescue in transmit' from /home/kahmed/qa/RESTtestframework/rest-client/lib/restclient/request.rb:345:intransmit’ from /home/kahmed/qa/RESTtestframework/rest-client/lib/restclient/request.rb:176:in execute' from /home/kahmed/qa/RESTtestframework/rest-client/lib/restclient/request.rb:41:inexecute’ from /home/kahmed/qa/RESTtestframework/rest-client/lib/restclient.rb:64:in get' from (irb):1 from /home/kahmed/qa/RESTtestframework/rest-client/bin/restclient:92:in<top (required)>’ from /usr/local/rvm/gems/ruby-2.1.1/bin/restclient:23:in load' from /usr/local/rvm/gems/ruby-2.1.1/bin/restclient:23:in<main>’ from /usr/local/rvm/gems/ruby-2.1.1/bin/ruby_executable_hooks:15:in eval' from /usr/local/rvm/gems/ruby-2.1.1/bin/ruby_executable_hooks:15:in<main>’

Is there a way to bypass, or accept the Cert ?

About this issue

  • Original URL
  • State: closed
  • Created 10 years ago
  • Comments: 27 (11 by maintainers)

Most upvoted comments

If you’re going to use SSL you may as well verify the certificate, otherwise you’re not really getting any protection from it.

True, unless you happen to be on a demo system with a self-signed certificate.

Thanks for question and the hint how to fix!

+7
mrjcleaver on Apr 16, 2015

You can use RestClient::Request.execute or RestClient::Resource.new(opts).get to pass additional options like :verify_ssl => false or :ssl_ca_file => "myca.crt".

RestClient::Request.execute(:url => 'https://selfsigned.ssltest.me', :method => :get, :verify_ssl => false)

If you’re going to use SSL you may as well verify the certificate, otherwise you’re not really getting any protection from it.

+7
ab on May 30, 2014

@balogic These paths work the same way as any old path in Ruby, like with a File.open. It can be a path relative to your current directory or an absolute path.

On Feb 27, 2017 2:08 AM, “Balaji Ravichandran” notifications@github.com wrote:

At what location do we need to place the .pem file? , inorder to mention it in :ssl_ca_file => “myca.crt.pem”

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/rest-client/rest-client/issues/288#issuecomment-282644066, or mute the thread https://github.com/notifications/unsubscribe-auth/AAVaMvlUhwBEe_uph6Zc1sJHg71vC-RXks5rgnZlgaJpZM4B_mUB .

+1
ab on Feb 27, 2017

@gtmax the link changed

+1
dannyxu2015 on May 27, 2016

I had the same issue using :ssl_ca_file => "myca.crt". Then I did some digging and found out that the .crt was encoded as a binary DER.

Converting to .pem was the solution: openssl x509 -inform DER -outform PEM -in myca.crt -out myca.crt.pem

Then used :ssl_ca_file => "myca.crt.pem" and it worked.

+1
dvmarcilio on Jun 18, 2015
Read more comments on GitHub
← rest-assured: The import io.restassured.RestAssured cannot be resolved
restforce: Getting authentication failure error →