SSL Certificate error whilst using rvm
Given that I have a lovely clean install of Ubuntu 11.10, I decided to use rvm to manage by Ruby installation. The only problem with that is the SSL certificate beginrescueend.com uses isn’t known to Ubuntu.
I’ve seen a post advocating using -k to ignore CA certificate validation, but that’s not the right thing to do. It works, but only by defeating a security mechanism.
Cut to the chase – how to get around it:
- Read the error message curl produces, which suggests visiting http://curl.haxx.se/docs/sslcerts.html
- From there, download cacert.pem and copy this to your home directory
- Create ~/.curlrc, with the single line cacert = ~/cacert.pem
- Test using curl https://rvm.beginrescueend.com/ > /dev/null – the CA error should not appear
Another option (on Debian/Ubuntu systems at least) is:
1) get the missing cert from Comodo: https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=62&nav=0,1,20)
2) put it it in /usr/local/share/ca-certificates/EssentialSSL.crt
3) run ‘dpkg-reconfigure ca-certificates’ to add it to the system-wide ca-certificates.crt in /etc/ssl/certs