SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The most straightforward answer which worked for me was this

sudo apt-get install openssl ca-certificates

And voila!!!

OS X 10.8.x with Homebrew:

brew install curl-ca-bundle
brew list curl-ca-bundle
cp /usr/local/Cellar/curl-ca-bundle/1.87/share/ca-bundle.crt /usr/local/etc/openssl/cert.pem

I had trouble for a number of days and was hacking around. [This link][1] proved out to be extremely helpful for me. It helped me to do a successful upgrade of the SSL on MAC OS X 9.
<br>



[1]:

[To see links please register here]

I ran into a similar problem when trying to use the JQuery generator for Rails 3

I solved it like this:

1. **Get the CURL Certificate Authority (CA) bundle.** You can do this with:
- `sudo port install curl-ca-bundle` [if you are using MacPorts]
- or just pull it down directly `wget

[To see links please register here]

`

2. Execute the ruby code that is trying to verify the SSL certification: `SSL_CERT_FILE=/opt/local/etc/certs/cacert.pem rails generate jquery:install`. In your case, you want to either set this as an environment variable somewhere the server picks it up or add something like `ENV['SSL_CERT_FILE'] = /path/to/your/new/cacert.pem` in your environment.rb file.

You can also just install the CA files (I haven't tried this) to the OS -- there are lengthy instructions [here](

[To see links please register here]

) -- this should work in a similar fashion, but I have not tried this personally.

Basically, the issue you are hitting is that some web service is responding with a certificate signed against a CA that OpenSSL cannot verify.

While knowing it's rather a lame solution, I'm still sharing this because it seems like very few people answering here use **Windows**, and I think some of Windows users (me included) would appreciate a simple and intuitive approach.

require 'openssl'
puts OpenSSL::X509::DEFAULT_CERT_FILE

That tells where your openssl is looking for the cert file. My name is not Luis, but mine was `C:/Users/Luis/Code/luislavena/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0l/ssl/cert.pem`. The path may be different depending on each own environments (e.g. `openknapsack` instead of `luislavena`).

The path didn't change even after `set SSL_CERT_FILE=C:\foo\bar\baz\cert.pem` via the console, **so... I created the directory** `C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\x86-windows\openssl\1.0.0l\ssl` in my local disk and put a cert file into it.

Lame as it is, this will surely work.

I ran into this issue and the suggested fix of `rvm osx-ssl-certs update all` did not work despite that I am an RVM user on OSX.

The fix that worked for me was re-installing the latest version of openssl:

brew update
brew remove openssl
brew install openssl

If you have a symbolic link in the /usr/local/etc/openssl pointing to cert.pem try to do this:

ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE" (should be /usr/local/etc/openssl)
cd /usr/local/etc/openssl
wget

[To see links please register here]

ln -s cacert.pem 77ee3751.0 (77ee3751.0 is my symbolic link, should depend on the openssl version)

On Mac OS X Lion with the latest macport:

sudo port install curl-ca-bundle
export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt

Then, rerun the failed job.

Note, the cert file location seems to have changed since Eric G answered on May 12.

This can be the issue of the broken/invalid SSL certificates. On mac you can use this command to update the SSL certificates:

rvm osx-ssl-certs update all

I've try install `curl-ca-bundle` with `brew`, but the package is no available more:

$ brew install curl-ca-bundle
Error: No available formula for curl-ca-bundle
Searching formulae...
Searching taps...

The solution that worked to me on Mac was:

$ cd /usr/local/etc/openssl/certs/
$ sudo curl -O

[To see links please register here]

Add this line in your `~/.bash_profile` (or `~/.zshrc` for zsh):

export SSL_CERT_FILE=/usr/local/etc/openssl/certs/cacert.pem

Then update your terminal:

$ source ~/.bash_profile