canvas-api gem (ruby) SSL Cert error
152 views
Skip to first unread message
Josh Blumberg
Nov 19, 2013, 4:18:15 PM11/19/13
to canvas-l...@googlegroups.com
I had been writing my scripts using the 'rest_client' gem. This had worked ok, but handling pagination is a real pain and I know I need a better strategy.
Brian Whitmer wrote this nice gem: https://github.com/whitmer/canvas-api
I am trying to get it to work, but always get an SSL error:
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
I solved a similar problem when using Sinatra by downloading "cacert.pem" and adding an environment variable:
ENV['SSL_CERT_FILE'] = "cacert.pem"
I don't know how to solve this though because the error is generated by code within the canvas-api gem. I assume this has something to do with the setup of my Mac. Has anyone run into this?
Sorry if this is a fairly basic ruby question, but I am stumped and would love to use this gem. I am still new to ruby and rusty at programming.
Josh
Brian Whitmer wrote this nice gem: https://github.com/whitmer/canvas-api
I am trying to get it to work, but always get an SSL error:
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
I solved a similar problem when using Sinatra by downloading "cacert.pem" and adding an environment variable:
ENV['SSL_CERT_FILE'] = "cacert.pem"
I don't know how to solve this though because the error is generated by code within the canvas-api gem. I assume this has something to do with the setup of my Mac. Has anyone run into this?
Sorry if this is a fairly basic ruby question, but I am stumped and would love to use this gem. I am still new to ruby and rusty at programming.
Josh
Christopher Bennell
Nov 25, 2013, 12:47:04 PM11/25/13
to canvas-l...@googlegroups.com
I believe that error means ruby can't find the root CA cert for the page you're loading. This page has details: http://mislav.uniqpath.com/2013/07/ruby-openssl/
Josh Blumberg
Nov 26, 2013, 3:13:12 PM11/26/13
to canvas-l...@googlegroups.com
Thanks. Good article. I'll keep working on it.
Josh
--
---
You received this message because you are subscribed to a topic in the Google Groups "Canvas LMS Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/canvas-lms-users/BznHlWxmssI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to canvas-lms-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Christopher Bennell
Nov 27, 2013, 2:00:10 PM11/27/13
to canvas-l...@googlegroups.com
I didn't have time to write a proper response earlier, but I was experiencing the same problem. It was occurring while Canvas was trying use the Adobe Connect API to create meetings. Our Connect instance is served over SSL, with a cert signed by RapidSSL, itself signed by GeoTrust. My Canvas app servers had a root cert for GeoTrust, but not for RapidSSL. The solution was to get a copy of the cert (issued by the CA), and make it available to ruby.
Ruby looks for root certs in it's DEFAULT_CERT_DIR - you can find this by running
ruby -e 'require "openssl"; puts OpenSSL::X509::DEFAULT_CERT_DIR'
On my machine, this is /etc/ssl/certs. But you can't just stick the cert file there, you need to rename the file to a hash of the cert details, with a file extension of "0" (zero). In my case, certs are kept in /usr/share/ca-certificates/ and symlinked to a file in /etc/ssl/certs. You can get the hash by running
openssl x509 -noout -in my-cert.crt -hash
This will give you something like f123a456. So you would symlink /usr/share/ca-certificates/my-cert.crt to /etc/ssl/certs/f123a456.0
I hope this helps.
On Tuesday, November 19, 2013 4:18:15 PM UTC-5, Josh Blumberg wrote:
Reply all
Reply to author
Forward
0 new messages