Thursday, February 21, 2013

Certificate errors when using RVM to install Ruby

Fixing $PATH:

Curl Certificate Error when Using RVM to install Ruby 1.9.3

From here:

More on this:
DigiCert Trusted Root Authority Certificates:

Tryng to installing RVM on Mac OS (Leopard):

bash << (curl 
bash << (curl -s
bash << (curl -s
curl -L | bash -s stable

Got this message:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here:

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Message might as well be:

Downloading RVM from wayneeseguin branch stable

Could not download ''.
  Make sure your certificates are up to date as described above.
  To continue in insecure mode run 'echo insecure >> ~/.curlrc'.

Certification fix # 1:

You need to download the ca certificate from and add them to your curl-ca-bundle-new.crt file.
To find the location of this file use:
   $ curl-config --ca

Backup your curl-ca-bundle.crt file:
$ cp /usr/share/curl/curl-ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt.old
Then you want to concatenate the two file using:
$ cat cacert.pem /usr/share/curl/curl-ca-bundle.crt >> curl-ca-bundle-new.crt

Certification fix # 2:

If do not want to change the script AND you do not want to add a cert "for ever" to the cert bundle. There is a very nice and quick solution:
#to download the cert
#to let curl use it for the next calls
export CURL_CA_BUNDLE=~/cacert.pem
Then run your script. To reset the environment variable (for subsequent script calls that should not use this cert) re-login to your system or unset the environment variable:

Certification fix # 3

The version of libcurl provided with Mac OS X Leopard has outdated
SSL certificates.

This can cause problems when running commands that use Git to fetch over HTTPS.

You can force Git to ignore these errors by setting GIT_SSL_NO_VERIFY.


Quick and dirty, what have work out for me before the Certification fix:

Option 1
echo insecure >> ~/.curlrc
if the above mentioned errors occurs in any of the installation steps.

Option 2:
$ curl -s >
$ chmod 755

Add -k to the curl command as in this:

if curl -Lk${_repo}/rvm/tarball/${_branch} -o ${rvm_archives_path}/${_repo}-rvm-${_branch}.tgz
Then run the script:

$ ./ --branch stable

1 comment:

Powered by Blogger.