SSL certificate error in rvm.beginrescueend.com

867 views
Skip to first unread message

dubek

unread,
Apr 11, 2011, 6:08:16 AM4/11/11
to rubyversi...@googlegroups.com
Hi,

There seems to be a problem with the certificate of https://rvm.beginrescueend.com/ . I get it in Firefox, Safari and of course curl:

$ curl -L http://rvm.beginrescueend.com/install/rvm -o rvm-installer ; chmod +x rvm-installer ; ./rvm-install latest
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   185  100   185    0     0    244      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
chmod: cannot access `rvm-installer': No such file or directory
-bash: ./rvm-install: No such file or directory



Did the website always redirect to HTTPS ?

Thanks,
dubek

Wayne E. Seguin

unread,
Apr 16, 2011, 2:00:49 PM4/16/11
to rubyversi...@googlegroups.com
You can use -k with curl to bypass it however the certificates should now be in order unless you are on *super* old systems which will have very old ca-certificates (RHEL4 for example).

--
Please visit http://rvm.beginrescueend.com/ for documentation on rvm.
Please visit https://www.pivotaltracker.com/projects/26822 to see what is being worked on currently.
 
You received this message because you are subscribed to the Google
Groups "rvm (Ruby Version Manager)" group.
To post to this group, send email to rubyversi...@googlegroups.com
To unsubscribe from this group, send email to
rubyversionmana...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyversionmanager?hl=en



--
  ~Wayne

Wayne E. Seguin
wayneeseguin on irc.freenode.net

Rebecca

unread,
Jun 8, 2011, 12:43:23 PM6/8/11
to rvm (Ruby Version Manager)
I have an intern who is on Mac OSX 10.5 and is getting an SSL cert
curl error when install ruby 1.9.2 (installing RVM went fine). Looks
like the problem is the yaml.tar.gz Is there a way to force curl to
use -k in rvm?

Thanks,
Rebecca

If you're interested, here is her full error:
wnhs105512m5l:~ cathleencraviotto$ rvm install 1.9.2
Installing Ruby from source to: /Users/cathleencraviotto/.rvm/rubies/
ruby-1.9.2-p180, this may take a while depending on your cpu(s)...

ruby-1.9.2-p180 - #fetching
ruby-1.9.2-p180 - #extracted to /Users/cathleencraviotto/.rvm/src/
ruby-1.9.2-p180 (already extracted)
Fetching yaml-0.1.3.tar.gz to /Users/cathleencraviotto/.rvm/archives

curl: (60) SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a
"bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
ERROR: There was an error, please check /Users/cathleencraviotto/.rvm/
log/ruby-1.9.2-p180/*.log. Next we'll try to fetch via http.
Trying http:// URL instead.

curl: (60) SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a
"bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
ERROR: There was an error, please check /Users/cathleencraviotto/.rvm/
log/ruby-1.9.2-p180/*.log
Extracting yaml-0.1.3.tar.gz to /Users/cathleencraviotto/.rvm/src
ERROR: Error running 'tar zxf /Users/cathleencraviotto/.rvm/archives/
yaml-0.1.3.tar.gz -C /Users/cathleencraviotto/.rvm/src --no-same-
owner', please read /Users/cathleencraviotto/.rvm/log/ruby-1.9.2-p180/
yaml/extract.log
/Users/cathleencraviotto/.rvm/scripts/functions/packages: line 55:
cd: /Users/cathleencraviotto/.rvm/src/yaml-0.1.3: No such file or
directory
Configuring yaml in /Users/cathleencraviotto/.rvm/src/yaml-0.1.3.
ERROR: Error running ' ./configure --prefix="/Users/
cathleencraviotto/.rvm/usr" ', please read /Users/
cathleencraviotto/.rvm/log/ruby-1.9.2-p180/yaml/configure.log
Compiling yaml in /Users/cathleencraviotto/.rvm/src/yaml-0.1.3.
ERROR: Error running '/usr/bin/make ', please read /Users/
cathleencraviotto/.rvm/log/ruby-1.9.2-p180/yaml/make.log
Installing yaml to /Users/cathleencraviotto/.rvm/usr
ERROR: Error running '/usr/bin/make install', please read /Users/
cathleencraviotto/.rvm/log/ruby-1.9.2-p180/yaml/make.install.log
ruby-1.9.2-p180 - #configuring
ERROR: Error running ' ./configure --prefix=/Users/
cathleencraviotto/.rvm/rubies/ruby-1.9.2-p180 --enable-shared --
disable-install-doc --with-libyaml-dir=/Users/cathleencraviotto/.rvm/
usr ', please read /Users/cathleencraviotto/.rvm/log/ruby-1.9.2-p180/
configure.log
ERROR: There has been an error while running configure. Halting the
installation.

On Apr 16, 2:00 pm, "Wayne E. Seguin" <wayneeseg...@gmail.com> wrote:
> You can use -k with curl to bypass it however the certificates should now be
> in order unless you are on *super* old systems which will have very old
> ca-certificates (RHEL4 for example).
>
>
>
>
>
>
>
>
>
> On Mon, Apr 11, 2011 at 6:08 AM, dubek <dov.mu...@gmail.com> wrote:
> > Hi,
>
> > There seems to be a problem with the certificate of
> >https://rvm.beginrescueend.com/. I get it in Firefox, Safari and of
> > course curl:
>
> > *$ curl -Lhttp://rvm.beginrescueend.com/install/rvm-o rvm-installer ;
> > chmod +x rvm-installer ; ./rvm-install latest*
> >   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> > Current
> >                                  Dload  Upload   Total   Spent    Left
> > Speed
> > 100   185  100   185    0     0    244      0 --:--:-- --:--:--
> > --:--:--     0
> > *curl: (60) SSL certificate problem, verify that the CA cert is OK.
> > Details:
> > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> > failed*
> > More details here:http://curl.haxx.se/docs/sslcerts.html
>
> > curl performs SSL certificate verification by default, using a "bundle"
> >  of Certificate Authority (CA) public keys (CA certs). The default
> >  bundle is named curl-ca-bundle.crt; you can specify an alternate file
> >  using the --cacert option.
> > If this HTTPS server uses a certificate signed by a CA represented in
> >  the bundle, the certificate verification probably failed due to a
> >  problem with the certificate (it might be expired, or the name might
> >  not match the domain name in the URL).
> > If you'd like to turn off curl's verification of the certificate, use
> >  the -k (or --insecure) option.
> > chmod: cannot access `rvm-installer': No such file or directory
> > -bash: ./rvm-install: No such file or directory
>
> > Did the website always redirect to HTTPS ?
>
> > Thanks,
> > dubek
>
> > --
> > Please visithttp://rvm.beginrescueend.com/for documentation on rvm.
> > Please visithttps://www.pivotaltracker.com/projects/26822to see what is
> > being worked on currently.
>
> > You received this message because you are subscribed to the Google
> > Groups "rvm (Ruby Version Manager)" group.
> > To post to this group, send email to rubyversi...@googlegroups.com
> > To unsubscribe from this group, send email to
> > rubyversionmana...@googlegroups.com
> > For more options, visit this group at
> >http://groups.google.com/group/rubyversionmanager?hl=en
>
> --
>   ~Wayne
>
> Wayne E. Seguin
> wayneeseg...@gmail.com
> wayneeseguin on irc.freenode.nethttp://twitter.com/wayneeseguin/https://github.com/wayneeseguin/

Wayne E. Seguin

unread,
Jun 8, 2011, 1:15:28 PM6/8/11
to rubyversi...@googlegroups.com
man curl

you can set it in ~/.curlrc from what I recall.

-- 
Wayne E. Seguin
wayneeseguin on Skype/IRC/Twitter/Gmail
--
Please visit http://rvm.beginrescueend.com/ for documentation on rvm.
Please visit https://www.pivotaltracker.com/projects/26822 to see what is being worked on currently.

Jarkko Laine

unread,
Jun 9, 2011, 1:31:47 PM6/9/11
to rvm (Ruby Version Manager)
On Jun 8, 8:15 pm, "Wayne E. Seguin" <wayneeseg...@gmail.com> wrote:
> man curl
>
> you can set it in ~/.curlrc from what I recall.

It's probably better to just get a more recent cert file. You can get
one from http://curl.haxx.se/docs/caextract.html. Then you'll have to
point the CURL_CA_BUNDLE environment variable to wherever you
downloaded that file and curl will use it instead of the old one.

So (e.g.):

$ curl -O http://curl.haxx.se/ca/cacert.pem
$ export CURL_CA_BUNDLE=`pwd`/cacert.pem # add this to your .bashrc or
equivalent

//jarkko
> > On Apr 16, 2:00 pm, "Wayne E. Seguin" <wayneeseg...@gmail.com (http://gmail.com)> wrote:
> > > You can use -k with curl to bypass it however the certificates should now be
> > > in order unless you are on *super* old systems which will have very old
> > > ca-certificates (RHEL4 for example).
>
> > > > Please visithttps://www.pivotaltracker.com/projects/26822to(http://www.pivotaltracker.com/projects/26822to) see what is
> > > > being worked on currently.
>
> > > > You received this message because you are subscribed to the Google
> > > > Groups "rvm (Ruby Version Manager)" group.
> > > > To post to this group, send email to rubyversi...@googlegroups.com (mailto:rubyversi...@googlegroups.com)
> > > > To unsubscribe from this group, send email to
> > > > rubyversionmana...@googlegroups.com (mailto:rubyversionmana...@googlegroups.com)
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/rubyversionmanager?hl=en
>
> > > --
> > >  ~Wayne
>
> > > Wayne E. Seguin
> > > wayneeseg...@gmail.com (http://gmail.com)
> > > wayneeseguin on irc.freenode.nethttp://twitter.com/wayneeseguin/https://github.com/wayneeseguin/
>
> > --
> > Please visithttp://rvm.beginrescueend.com/for documentation on rvm.
> > Please visithttps://www.pivotaltracker.com/projects/26822to see what is being worked on currently.
>
> > You received this message because you are subscribed to the Google
> > Groups "rvm (Ruby Version Manager)" group.
> > To post to this group, send email to rubyversi...@googlegroups.com (mailto:rubyversi...@googlegroups.com)
> > To unsubscribe from this group, send email to
> > rubyversionmana...@googlegroups.com (mailto:rubyversionmana...@googlegroups.com)
Reply all
Reply to author
Forward
0 new messages