When you encounter SSL errors when installing gems on Windows, the easiest workaround is to change your sources from
http://.... But … I am an avid user/fan of rails-assets.org and today I suddenly started getting the error on their domain.
So at first I feared that rails-assets had stopped as foreseen (in this ticket), but the site was still reachable, and actually they switched (imho just two days ago) to a new maintainer, which is awesome: the future of rails-assets is safe for now.
But there is no rose without a thorn and now rails-assets enforces TLS (which is actually a good thing), so it is always SSL and
gem cannot ignore SSL anymore. Doh! So I was stuck on windows.
I tried to make
gem command ignore ssl errors regardless, by creating
c:\ProgramData\gemrc with the following content:
--- :ssl_verify_mode: 0
and that partly worked: I was now able to fetch the index, but now I received the SSL error on the first gem retrieved from rails-assets, so I was still not in the clear. I had to make sure the SSL verification actually worked!
Fortunately, after some googling this proved easier then expected! The root cause is that ruby on windows (or openssl) has no default root certificate. So I found a good description how to fix that on windows.
I used the boring/easy/manual approach, in short:
- download the
cacert.pemfile from http://curl.haxx.se/ca/cacert.pem. I saved this to my ruby folder (e.g.
- add an environment variable
SSL_CERT_FILE, so ruby can pick it up. E.g. in your command prompt type
set SSL_CERT_FILE=C:\ruby21\cacert.pem. To make this a permanent setting, add this to your environment variables.