Post

Gem Install Jeykll - Certificate Verify Failed

Error Messages:

  • ERROR: SSL verification error at depth 2: unable to get local issuer certificate (20)
  • ERROR: You must add certificate to your local trusted store
  • ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

System Configuration:

  • Operating System: Windows
  • Version: 10

What steps resulted in this error?

  1. Installing the Jekyll static site generator using gem:
    1
    
    gem install jekyll
    
  2. Upgrading RubyGems using the self-update command:
    1
    
    gem update --system
    

What does this error mean?

  • This error means that your machine was unable to establish a secure connection to RubyGems.org over SSL.

Why did this error occur?

  • The ruby installation on the machine did not trust the Zscalar certificate which was installed on the machine.

Solution

  • For ruby to trust the Zscalar certificate, we need to add the cert to its certs folder.
  • We can identify the path of the ruby certs fodler and the copy the certificate.
    1. Obtain the Corporate Certificate (e.g., Zscaler certificate) from CertMgr -> Trusted Root Certification Authority -> Zscalar Root CA
  1. Convert the .cer to .pem :
    1
    
    openssl x509 -inform der -in source_cert.cer -out target_cert.pem
    
  2. Locate the Certs Directory:
    1
    
    ruby -ropenssl -e "puts OpenSSL::X509::DEFAULT_CERT_DIR"
    
  3. Add the Certificate to Ruby’s Trusted Certificates:
    1
    
    Copy-Item /<path-to-corporate-cert>/zscalar.pem <path-to-certs-directory>/zscalar.pem
    
  4. Update the Gems system and Install Jekyll
    1
    2
    
    gem udpate --system
    gem install jekyll
    
This post is licensed under CC BY 4.0 by the author.