Getting SSL_connect returned=1 errno=0 state=error: certificate verify failed when connecting to S3
With the investigative help of @RodrigoM and your question update, it all started to make sense. There are actually two distinct problems that contribute to the error you observe:
- Your openssl installation does not have the certificate chain needed to verify the Amazon server in its trusted certs store...
- ...which is the exact situation that should be solved by adding Aws.use_bundled_cert! to an initializer, according to the docs. But in this case it does not work because even though this command instructs the ruby openssl library to add various CA certs to the trusted store from the aws-sdk-core gem's CA bundle file, the file also does not contain the proper CA certificate as it is itself almost 2 years old and outdated. The intermediate CA cert CN=DigiCert Baltimore CA-2 G2 was published on Dec 8, 2015, so no wonder that the CA bundle file does not contain it.
Now, you have two options:
- You can try to install this intermediate CA certificate, probably including the root CA cert (CN=Baltimore CyberTrust Root), to your openssl trusted certs store. This should make the s_client command work. But you might still run into issues using these trusted certs from ruby code. For concrete steps for making it work under ruby on OSX, refer to the Solution section of this SO question.
- Also, since you are using a forked aws-sdk-ruby gem repository anyway, you may as well update the ca-bundle.crt file in your repo by adding the intermediate CA cert yourself (the root CA cert seems to be already present in the bundle). For this you need to do the following:
  - download the intermediate CA cert from the official page of the DigiCert CA certificates (you can as well use the direct link above, but to obey security rules precisely you should also check the fingerprints)
  - convert it to the PEM format (it gets downloaded in DER format) and add it to the cert bundle using the following openssl command:
    openssl x509 -in DigiCertBaltimoreCA-2G2.crt -inform DER >> ca-bundle.crt
    After running this command, your ca-bundle.crt should contain the intermediate CA certificate at the end of the file.
  - Now simply push this updated bundle file to your repo and the Aws.use_bundled_cert! should start working!
  - If you care, perhaps the best would be also to start a github issue at the aws-sdk-ruby gem so that they update the cert bundle in their repo too...
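The bundle update described in the answer above, including the fingerprint check it recommends, as an added example that is not part of the original answer or of the aws-sdk-ruby project. The helper names are hypothetical, and a constructed self-signed test CA stands in for the DigiCert certificate; in real use the expected fingerprint comes from the CA's official page.

```ruby
require "openssl"
require "tempfile"

# SHA-256 fingerprint of a certificate as upper-case hex without separators.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der).upcase
end

# Append a DER CA cert to a PEM bundle only if its fingerprint matches and it is not a duplicate.
def add_ca_to_bundle(der, expected_fp, bundle_path)
  cert = OpenSSL::X509::Certificate.new(der)
  raise ArgumentError, "fingerprint mismatch for #{cert.subject}" unless fingerprint(cert) == expected_fp.delete(":").upcase
  pems = File.read(bundle_path).scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  return :already_present if pems.any? { |p| OpenSSL::X509::Certificate.new(p).to_der == cert.to_der }
  File.write(bundle_path, cert.to_pem, mode: "a")
  :added
end

# True when `leaf` chains to a CA in the bundle, which is what VERIFY_PEER requires.
def verifies?(leaf, bundle_path)
  store = OpenSSL::X509::Store.new
  store.add_file(bundle_path) unless File.zero?(bundle_path)
  store.verify(leaf)
end

# Build a constructed test certificate (a stand-in, not a real DigiCert or Amazon cert).
def make_cert(cn, key, issuer: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest::SHA256.new)
end

if __FILE__ == $PROGRAM_NAME
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("Constructed Test CA", ca_key, ca: true)
  leaf = make_cert("s3.example.test", OpenSSL::PKey::RSA.new(2048), issuer: ca, issuer_key: ca_key)
  bundle = Tempfile.new("ca-bundle.crt")
  puts "before: #{verifies?(leaf, bundle.path)}"
  puts add_ca_to_bundle(ca.to_der, fingerprint(ca), bundle.path)
  puts "after:  #{verifies?(leaf, bundle.path)}"
end
```

The leaf fails verification against the bundle until the issuing CA is appended, which mirrors the "certificate verify failed" error, and a certificate whose fingerprint does not match is never written to the bundle.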
Seahorse::Client::NetworkingError Amazon S3 file upload with rails
Well I never found the solution for this problem and had to resort to other options since I was on a deadline. I'm assuming it is a bug on Amazon's end or with the aws-sdk gem, because I have checked my configuration many times, and it is correct.
My workaround was to use the fog gem, which is actually very handy. After adding gem 'fog' to my Gemfile and running bundle install, my code now looks like this:
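require 'open-uri'
require 'securerandom'
require 'pathname'
require 'date'
require 'fog'

# `url` is not defined in this snippet; it is expected to come from the enclosing object.
def upload_to_s3(folder_name)
  filename = "ss-" + DateTime.now.strftime("%Y%d%m-%s") + "-" + SecureRandom.hex(4) + ".png"
  full_bucket_path = Pathname(folder_name.to_s).join(filename).to_s
  # URI.open only fetches URLs; Kernel#open would run a command for input starting with "|".
  image_contents = URI.open(url).read
  connection = Fog::Storage.new({
    :provider => 'AWS',
    :aws_access_key_id => ENV["AWS_ACCESS_KEY_ID"],
    :aws_secret_access_key => ENV["AWS_SECRET_ACCESS_KEY"]
  })
  directory = connection.directories.get(ENV["BUCKET"])
  # public: true makes the uploaded object readable by anyone who has its URL.
  file = directory.files.create(key: full_bucket_path, public: true)
  file.body = image_contents
  file.save
  return file.public_url
end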
Which is simple enough and was a breeze to implement. Wish I knew what was messing up with the aws-sdk gem, but for anyone else who has problems, give fog a go.
Ruby rails paperclip Seahorse::Client::NetworkingError (SSL_connect returned=1 errno=0 state=error: certificate verify failed)
Create a file in initializers and place the below code
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE