0

I am working on Windows 10. I want to create application which will be using the outlookAPI. So I was following Getting started tutorial at Write a Ruby on Rails app to get Outlook mail.

I've faced of this issue of SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed as shown below;

enter image description here

Issue above appears when I try to getToken after the authentication stage went successfully.

I would be appreciated of any suggestions.

jww
  • 90,984
  • 81
  • 374
  • 818
Lominskiy Volodimyr
  • 81
  • 2
  • 7
  • Two requests.. (1) Please state the errors. The text on the picture is too small to read. In addition, the text cannot be indexed by search engines for future visitors. (2) Please post the URL you are using to connect to the server, and post the output of `openssl s_client -connect : -tls1 -servername | openssl x509 -text -noout`. Do so by adding it to your question by clicking *Edit* (and don't post it as a comment). Otherwise, we can't reproduce it and there's not enough information to help troubleshoot it. – jww Mar 16 '17 at 11:18
  • I don't know how you created your certificate, but ***`CN=example.com`*** is probably wrong. Hostnames always go in the *SAN*. If its present in the *CN*, then it must be present in the *SAN* too (you have to list it twice in this case). For more rules and reasons, see [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) – jww Mar 16 '17 at 11:22

2 Answers2

2
sudo port install curl-ca-bundle

and tell your https object to use it:

https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'

Note that if you want your code to run on Ubuntu, you need to set the ca_path attribute instead, with the default certificates location /etc/ssl/certs.

OR

Add following code in initializer:

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
puneet18
  • 4,753
  • 2
  • 21
  • 28
  • 1
    *"Or add following code in initializer: `OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE`"* - awful suggestion, -1. Also see [The most dangerous code in the world: validating SSL certificates in non-browser software](http://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html). Its a pandemic problem. – jww Mar 16 '17 at 11:17
0

Try adding gem 'certified' in your gemfile and run bundle install.

gem 'certified'
bundle install
Sajin
  • 1,588
  • 1
  • 13
  • 18