tag:help.rubygems.org,2010-01-19:/discussions/problems/24036-ssl-vierify-failed
RubyGems.org: Discussion
2018-10-18T19:51:30Z
tag:help.rubygems.org,2010-01-19:Comment/41042420
2016-10-20T19:39:50Z
2016-10-20T19:39:50Z
SSL Verify failed
<div><p>The hostname you send to <code>wget</code> and the hostname you
sent to <code>openssl s_client</code> are different, so you get
different certificates. You should be seeing this certificate:</p>
<pre>
<code>Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:a6:8b:a7:f6:a7:5b:c7:66:63:45:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
Validity
Not Before: Sep 27 15:39:12 2016 GMT
Not After : Mar 13 14:04:06 2018 GMT
Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=l.ssl.fastly.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:cb:c7:72:f5:6f:b5:90:d8:03:7d:96:5a:56:6f:
4e:b8:1e:9a:01:c2:f2:b1:b3:83:29:4b:c7:b7:b2:
2f:3c:42:63:2d:96:0c:3f:94:8b:08:1e:7e:7a:8f:
77:55:bd:55:97:72:3f:95:4f:aa:74:12:0f:d5:8c:
e2:f4:e8:7c:5c:1f:83:04:0e:d8:9a:0c:f2:7a:e5:
af:4f:4e:d8:04:e2:4e:7d:7a:db:40:af:6d:c7:e7:
66:71:94:2d:53:7a:24:6b:4b:aa:39:40:de:4f:c7:
c4:a9:c7:2e:7f:0c:40:d1:1a:15:3c:61:0a:09:98:
c3:af:83:40:2c:80:4b:e1:c9:0a:c5:67:a2:6e:fc:
27:5f:5a:cd:d5:fa:b2:30:c8:96:df:a3:0b:dc:0f:
60:75:20:39:d1:82:32:ee:f8:7d:08:3b:da:4a:df:
e1:06:7f:e9:52:dd:b1:92:18:70:b5:d8:bf:ce:be:
81:ae:98:ec:31:28:01:ff:4a:93:d3:71:ae:91:9e:
df:b3:12:c8:ec:ac:1a:ca:ca:54:96:12:d4:6d:8f:
7d:a4:a8:97:ad:fe:8d:36:e4:c8:1e:de:7b:22:e0:
f7:6b:54:e7:06:71:e4:3a:cf:6e:42:7c:b7:d6:8d:
d2:84:f3:a7:c6:8e:21:07:4c:63:77:e6:db:cf:61:
ac:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
Authority Information Access:
CA Issuers - URI:http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt
OCSP - URI:http://ocsp2.globalsign.com/gsorganizationvalsha2g2
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.4146.1.20
CPS: https://www.globalsign.com/repository/
Policy: 2.23.140.1.2.2
X509v3 Basic Constraints:
CA:FALSE
X509v3 CRL Distribution Points:
URI:http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
X509v3 Subject Alternative Name:
DNS:l.ssl.fastly.net, DNS:*.1stdibscdn.com, DNS:*.aman.com, DNS:*.answersingenesis.co.uk, DNS:*.answersingenesis.org, DNS:*.api.livestream.com, DNS:*.arkencounter.com, DNS:*.attribution.report, DNS:*.bestegg.com, DNS:*.buyitdirect.co.uk, DNS:*.contentbody.com, DNS:*.creationmuseum.org, DNS:*.curations.bazaarvoice.com, DNS:*.dlsadapt.com, DNS:*.dollarshaveclub.com, DNS:*.exciteonlineservices.com, DNS:*.fastlylabs.com, DNS:*.filepicker.io, DNS:*.files.trylately.com, DNS:*.filestackapi.com, DNS:*.fod-sandbox.com, DNS:*.fod-staging.com, DNS:*.fod4.com, DNS:*.full30.com, DNS:*.fundpaas.com, DNS:*.funker530.com, DNS:*.funnyordie.com, DNS:*.gamebatte.com, DNS:*.hfa.io, DNS:*.jackthreads.com, DNS:*.knnlab.com, DNS:*.letemps.ch, DNS:*.lootcrate.com, DNS:*.mybestegg.com, DNS:*.nfl.com, DNS:*.patch.com, DNS:*.pebble.com, DNS:*.pottermore.com, DNS:*.primesport.com, DNS:*.protected-checkout.net, DNS:*.rchery.se, DNS:*.rubygems.org, DNS:*.rwlivecms.com, DNS:*.safaribooksonline.com, DNS:*.smartsparrow.com, DNS:*.spokenlayer.com, DNS:*.tac-cdn.net, DNS:*.theredpin.com, DNS:*.thrillist.com, DNS:*.totalwine.com, DNS:*.travis-ci.com, DNS:*.travis-ci.org, DNS:*.treasuredata.com, DNS:*.turner.com, DNS:*.unitedway.org, DNS:*.universe.com, DNS:*.unpkg.com, DNS:*.upbolt.com, DNS:*.upload.600horses.com, DNS:*.urx.com, DNS:*.vevo.com, DNS:*.videocreator.yahoo-net.jp, DNS:*.wholefoodsmarket.com, DNS:*.ybi.idcfcloud.net, DNS:*.yondermusic.com, DNS:a.1stdibscdn.com, DNS:afrostream.tv, DNS:api.domainr.com, DNS:api.nymag.com, DNS:app.betterimpactcdn.com, DNS:assets.fl.markavip-cdn.com, DNS:attribution.report, DNS:cdn-fastly.torproject.org, DNS:cdn.filestackcontent.com, DNS:cdn.hightailspaces.com, DNS:cdn.kevy.com, DNS:domainr.com, DNS:donorschoose.org, DNS:embed-preprod.ticketmaster.com, DNS:embed.optimizeplayer.com, DNS:embed.ticketmaster.com, DNS:fastlylabs.com, DNS:fl.eat24cdn.com, DNS:full30.com, DNS:fundpaas.com, DNS:funker530.com, DNS:getmovi.com, DNS:givingtuesday.givegab.com, DNS:hfa.io, DNS:i.upworthy.com, DNS:images.fl.markavip-cdn.com, DNS:jackthreads.com, DNS:knnlab.com, DNS:lootcrate.com, DNS:media.barfoot.co.nz, DNS:media.rightmove.co.uk, DNS:merryjane.com, DNS:mighty-flowers-420.merryjane.com, DNS:nextgen-assets.edmunds-media.com, DNS:noembed.com, DNS:nymag.com, DNS:*.nymag.com, DNS:patch.com, DNS:pebble.com, DNS:pixel.nymag.com, DNS:primesport.com, DNS:proquest.tech.safaribooksonline.de, DNS:rubygems.org, DNS:safaribooksonline.com, DNS:static.vesdia.com, DNS:theguardian.tv, DNS:*.theguardian.tv, DNS:thrillist.com, DNS:totalwine.com, DNS:unpkg.com, DNS:upbolt.com, DNS:urx.com, DNS:videocreator.yahoo-net.jp, DNS:welcome-dev.banksimple.com, DNS:wiki-temp.ca.com, DNS:www.blinq.com, DNS:www.bulq.com, DNS:www.cristianoronaldofragrances.com, DNS:www.freegivingtuesday.org, DNS:www.freelotto.com, DNS:www.iodine.com, DNS:www.laptopsdirect.co.uk, DNS:www.letemps.ch, DNS:www.merryjane.com, DNS:www.mighty-flowers-420.merryjane.com, DNS:www.millstreamlot46.info, DNS:www.pottermore.com, DNS:www.trainoregon.org
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Key Identifier:
4C:71:46:43:59:E5:90:2E:D5:BD:F2:CA:C4:1E:ED:1D:09:A7:9B:F4
X509v3 Authority Key Identifier:
keyid:96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:00:40:E6:1A:7C
Signature Algorithm: sha256WithRSAEncryption
17:77:50:40:cf:5d:a7:be:3e:d3:4a:bf:71:c0:d6:aa:ff:0e:
ca:06:5b:c7:b6:e0:64:90:13:55:b6:2b:c9:f1:6d:e2:69:d7:
d3:8e:79:e5:bd:ee:48:6d:f2:22:28:4a:42:1d:ff:22:b3:ea:
d6:e3:dd:66:b3:b5:96:48:a5:c1:c1:2c:e2:1a:c2:65:f2:71:
5e:b3:5f:c5:73:9b:90:4b:e8:01:33:b3:37:61:75:00:4e:fb:
bc:6e:b7:0f:af:da:b8:99:f5:59:45:6e:9f:a5:39:61:40:24:
a6:b2:d2:42:bb:c0:23:1e:d2:45:cf:ec:10:32:43:82:fc:2c:
1e:1d:2f:29:29:a7:62:73:1c:c6:fa:c4:2e:7e:f4:cf:82:2a:
79:dc:20:4b:1f:47:44:35:4d:93:1b:e4:0f:40:31:1e:81:0c:
fb:f5:ef:f3:22:45:0b:f0:a2:e6:cc:26:9b:76:06:b2:22:8b:
fa:0f:ef:57:b8:d6:87:08:50:5a:05:4d:17:a3:66:41:f3:1e:
b5:6a:16:15:30:5a:12:a1:aa:50:e0:8d:93:d1:92:ef:ef:33:
fc:96:29:85:ba:1b:91:48:31:f4:8e:82:d5:79:90:72:15:64:
14:ac:dc:b5:67:29:b7:cb:bd:ad:66:9d:d4:be:41:5c:84:4f:
71:05:91:7c</code>
</pre></div>
Eric Hodel
tag:help.rubygems.org,2010-01-19:Comment/41042420
2016-10-20T19:49:16Z
2016-10-20T19:49:17Z
SSL Verify failed
<div><p>When I send rubygems.org to openssl_client I get a certificate
expired error see below. Should I open a ticket with Fastly or
anyone else, is there a problem on my machine?</p>
<pre>
<code>$ openssl s_client -host rubygems.org -port 443
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify error:num=10:certificate has expired
notAfter=Jan 28 12:00:00 2014 GMT
---
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=l.ssl.fastly.net
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIO+DCCDeCgAwIBAgIMG6aLp/anW8dmY0WsMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTYwOTI3MTUzOTEyWhcNMTgwMzEzMTQwNDA2WjBsMQswCQYDVQQGEwJV
UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEV
MBMGA1UECgwMRmFzdGx5LCBJbmMuMRkwFwYDVQQDDBBsLnNzbC5mYXN0bHkubmV0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8dy9W+1kNgDfZZaVm9O
uB6aAcLysbODKUvHt7IvPEJjLZYMP5SLCB5+eo93Vb1Vl3I/lU+qdBIP1Yzi9Oh8
XB+DBA7YmgzyeuWvT07YBOJOfXrbQK9tx+dmcZQtU3oka0uqOUDeT8fEqccufwxA
0RoVPGEKCZjDr4NALIBL4ckKxWeibvwnX1rN1fqyMMiW36ML3A9gdSA50YIy7vh9
CDvaSt/hBn/pUt2xkhhwtdi/zr6BrpjsMSgB/0qT03GukZ7fsxLI7KwayspUlhLU
bY99pKiXrf6NNuTIHt57IuD3a1TnBnHkOs9uQny31o3ShPOnxo4hB0xjd+bbz2Gs
uQIDAQABo4ILnjCCC5owDgYDVR0PAQH/BAQDAgWgMIGgBggrBgEFBQcBAQSBkzCB
kDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNl
cnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYIKwYBBQUHMAGGM2h0
dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2FuaXphdGlvbnZhbHNoYTJn
MjBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczov
L3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwCQYDVR0T
BAIwADBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29t
L2dzL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyLmNybDCCCdYGA1UdEQSCCc0wggnJ
ghBsLnNzbC5mYXN0bHkubmV0ghAqLjFzdGRpYnNjZG4uY29tggoqLmFtYW4uY29t
ghgqLmFuc3dlcnNpbmdlbmVzaXMuY28udWuCFiouYW5zd2Vyc2luZ2VuZXNpcy5v
cmeCFCouYXBpLmxpdmVzdHJlYW0uY29tghIqLmFya2VuY291bnRlci5jb22CFCou
YXR0cmlidXRpb24ucmVwb3J0gg0qLmJlc3RlZ2cuY29tghMqLmJ1eWl0ZGlyZWN0
LmNvLnVrghEqLmNvbnRlbnRib2R5LmNvbYIUKi5jcmVhdGlvbm11c2V1bS5vcmeC
GyouY3VyYXRpb25zLmJhemFhcnZvaWNlLmNvbYIOKi5kbHNhZGFwdC5jb22CFSou
ZG9sbGFyc2hhdmVjbHViLmNvbYIaKi5leGNpdGVvbmxpbmVzZXJ2aWNlcy5jb22C
ECouZmFzdGx5bGFicy5jb22CDyouZmlsZXBpY2tlci5pb4IVKi5maWxlcy50cnls
YXRlbHkuY29tghIqLmZpbGVzdGFja2FwaS5jb22CESouZm9kLXNhbmRib3guY29t
ghEqLmZvZC1zdGFnaW5nLmNvbYIKKi5mb2Q0LmNvbYIMKi5mdWxsMzAuY29tgg4q
LmZ1bmRwYWFzLmNvbYIPKi5mdW5rZXI1MzAuY29tghAqLmZ1bm55b3JkaWUuY29t
gg8qLmdhbWViYXR0ZS5jb22CCCouaGZhLmlvghEqLmphY2t0aHJlYWRzLmNvbYIM
Ki5rbm5sYWIuY29tggwqLmxldGVtcHMuY2iCDyoubG9vdGNyYXRlLmNvbYIPKi5t
eWJlc3RlZ2cuY29tggkqLm5mbC5jb22CCyoucGF0Y2guY29tggwqLnBlYmJsZS5j
b22CECoucG90dGVybW9yZS5jb22CECoucHJpbWVzcG9ydC5jb22CGCoucHJvdGVj
dGVkLWNoZWNrb3V0Lm5ldIILKi5yY2hlcnkuc2WCDioucnVieWdlbXMub3Jngg8q
LnJ3bGl2ZWNtcy5jb22CFyouc2FmYXJpYm9va3NvbmxpbmUuY29tghIqLnNtYXJ0
c3BhcnJvdy5jb22CESouc3Bva2VubGF5ZXIuY29tgg0qLnRhYy1jZG4ubmV0gg8q
LnRoZXJlZHBpbi5jb22CDyoudGhyaWxsaXN0LmNvbYIPKi50b3RhbHdpbmUuY29t
gg8qLnRyYXZpcy1jaS5jb22CDyoudHJhdmlzLWNpLm9yZ4ISKi50cmVhc3VyZWRh
dGEuY29tggwqLnR1cm5lci5jb22CDyoudW5pdGVkd2F5Lm9yZ4IOKi51bml2ZXJz
ZS5jb22CCyoudW5wa2cuY29tggwqLnVwYm9sdC5jb22CFioudXBsb2FkLjYwMGhv
cnNlcy5jb22CCSoudXJ4LmNvbYIKKi52ZXZvLmNvbYIbKi52aWRlb2NyZWF0b3Iu
eWFob28tbmV0LmpwghYqLndob2xlZm9vZHNtYXJrZXQuY29tghMqLnliaS5pZGNm
Y2xvdWQubmV0ghEqLnlvbmRlcm11c2ljLmNvbYIQYS4xc3RkaWJzY2RuLmNvbYIN
YWZyb3N0cmVhbS50doIPYXBpLmRvbWFpbnIuY29tgg1hcGkubnltYWcuY29tghdh
cHAuYmV0dGVyaW1wYWN0Y2RuLmNvbYIaYXNzZXRzLmZsLm1hcmthdmlwLWNkbi5j
b22CEmF0dHJpYnV0aW9uLnJlcG9ydIIZY2RuLWZhc3RseS50b3Jwcm9qZWN0Lm9y
Z4IYY2RuLmZpbGVzdGFja2NvbnRlbnQuY29tghZjZG4uaGlnaHRhaWxzcGFjZXMu
Y29tggxjZG4ua2V2eS5jb22CC2RvbWFpbnIuY29tghBkb25vcnNjaG9vc2Uub3Jn
gh5lbWJlZC1wcmVwcm9kLnRpY2tldG1hc3Rlci5jb22CGGVtYmVkLm9wdGltaXpl
cGxheWVyLmNvbYIWZW1iZWQudGlja2V0bWFzdGVyLmNvbYIOZmFzdGx5bGFicy5j
b22CD2ZsLmVhdDI0Y2RuLmNvbYIKZnVsbDMwLmNvbYIMZnVuZHBhYXMuY29tgg1m
dW5rZXI1MzAuY29tggtnZXRtb3ZpLmNvbYIZZ2l2aW5ndHVlc2RheS5naXZlZ2Fi
LmNvbYIGaGZhLmlvgg5pLnVwd29ydGh5LmNvbYIaaW1hZ2VzLmZsLm1hcmthdmlw
LWNkbi5jb22CD2phY2t0aHJlYWRzLmNvbYIKa25ubGFiLmNvbYINbG9vdGNyYXRl
LmNvbYITbWVkaWEuYmFyZm9vdC5jby5ueoIVbWVkaWEucmlnaHRtb3ZlLmNvLnVr
gg1tZXJyeWphbmUuY29tgiBtaWdodHktZmxvd2Vycy00MjAubWVycnlqYW5lLmNv
bYIgbmV4dGdlbi1hc3NldHMuZWRtdW5kcy1tZWRpYS5jb22CC25vZW1iZWQuY29t
gglueW1hZy5jb22CCyoubnltYWcuY29tgglwYXRjaC5jb22CCnBlYmJsZS5jb22C
D3BpeGVsLm55bWFnLmNvbYIOcHJpbWVzcG9ydC5jb22CInByb3F1ZXN0LnRlY2gu
c2FmYXJpYm9va3NvbmxpbmUuZGWCDHJ1YnlnZW1zLm9yZ4IVc2FmYXJpYm9va3Nv
bmxpbmUuY29tghFzdGF0aWMudmVzZGlhLmNvbYIOdGhlZ3VhcmRpYW4udHaCECou
dGhlZ3VhcmRpYW4udHaCDXRocmlsbGlzdC5jb22CDXRvdGFsd2luZS5jb22CCXVu
cGtnLmNvbYIKdXBib2x0LmNvbYIHdXJ4LmNvbYIZdmlkZW9jcmVhdG9yLnlhaG9v
LW5ldC5qcIIad2VsY29tZS1kZXYuYmFua3NpbXBsZS5jb22CEHdpa2ktdGVtcC5j
YS5jb22CDXd3dy5ibGlucS5jb22CDHd3dy5idWxxLmNvbYIid3d3LmNyaXN0aWFu
b3JvbmFsZG9mcmFncmFuY2VzLmNvbYIZd3d3LmZyZWVnaXZpbmd0dWVzZGF5Lm9y
Z4IRd3d3LmZyZWVsb3R0by5jb22CDnd3dy5pb2RpbmUuY29tghd3d3cubGFwdG9w
c2RpcmVjdC5jby51a4IOd3d3LmxldGVtcHMuY2iCEXd3dy5tZXJyeWphbmUuY29t
giR3d3cubWlnaHR5LWZsb3dlcnMtNDIwLm1lcnJ5amFuZS5jb22CGHd3dy5taWxs
c3RyZWFtbG90NDYuaW5mb4ISd3d3LnBvdHRlcm1vcmUuY29tghN3d3cudHJhaW5v
cmVnb24ub3JnMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E
FgQUTHFGQ1nlkC7VvfLKxB7tHQmnm/QwHwYDVR0jBBgwFoAUlt5h8b0cFilTHMDM
fTuDAEDmGnwwDQYJKoZIhvcNAQELBQADggEBABd3UEDPXae+PtNKv3HA1qr/DsoG
W8e24GSQE1W2K8nxbeJp19OOeeW97kht8iIoSkId/yKz6tbj3WaztZZIpcHBLOIa
wmXycV6zX8Vzm5BL6AEzszdhdQBO+7xutw+v2riZ9VlFbp+lOWFAJKay0kK7wCMe
0kXP7BAyQ4L8LB4dLykpp2JzHMb6xC5+9M+CKnncIEsfR0Q1TZMb5A9AMR6BDPv1
7/MiRQvwoubMJpt2BrIii/oP71e41ocIUFoFTRejZkHzHrVqFhUwWhKhqlDgjZPR
ku/vM/yWKYW6G5FIMfSOgtV5kHIVZBSs3LVnKbfLva1mndS+QVyET3EFkXw=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=l.ssl.fastly.net
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5631 bytes and written 444 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: D61008C72AF3212153421A7AB8696FE88C6A2382597982ABD5B738D166238C6D
Session-ID-ctx:
Master-Key: D79A2FB2F2F570613426455D02AE52876696BB531206987045114F2A12346659A13E910DA62CA6C54CC55FAD78936601
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 1200 (seconds)
TLS session ticket:
0000 - 63 cc 77 4a 00 db 2c 42-2e 8f 76 23 dd a9 ae 53 c.wJ..,B..v#...S
0010 - 99 40 bd 88 52 f0 4c 3d-49 0d 9b 76 1d b9 c2 54 .@..R.L=I..v...T
0020 - 99 21 5b ef 40 87 ae dd-f0 d7 45 84 25 bc 98 ff .![.@.....E.%...
0030 - 09 15 fc 0f 5c 45 dc c4-23 36 3d b9 14 cc bc 2d ....\E..#6=....-
0040 - 4a b0 f7 ed fb bc 81 d0-c3 0b 2b f4 3f 2a 6f e4 J.........+.?*o.
0050 - 7c fc 8b 43 4f f1 cd c1-d7 55 49 86 c0 67 7f 43 |..CO....UI..g.C
0060 - 40 40 cb 01 48 11 42 84-4e d1 29 47 93 91 a8 2b @@..H.B.N.)G...+
0070 - c1 eb 42 ea 0a 26 f6 2a-0b 16 77 81 e1 d2 22 58 ..B..&.*..w..."X
0080 - dd 36 06 76 3c 0a dc ac-5a d6 b2 d1 02 3c e8 9a .6.v<...Z....<..
0090 - d4 2a 85 c4 b2 85 13 e9-a8 79 c8 b2 a2 12 97 83 .*.......y......
Start Time: 1476992670
Timeout : 300 (sec)
Verify return code: 10 (certificate has expired)</code>
</pre></div>
Andre Henry
tag:help.rubygems.org,2010-01-19:Comment/41042420
2016-10-20T20:30:13Z
2016-10-20T20:30:13Z
SSL Verify failed
<div><p>It looks like you need to add the updated GlobalSign Root CA to
your trusted certificate list (certs.pem), there is a copy
here:</p>
<p><a href="https://github.com/rubygems/rubygems/blob/master/lib/rubygems/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem">
https://github.com/rubygems/rubygems/blob/master/lib/rubygems/ssl_c...</a></p>
<p>or:</p>
<p><a href="https://r1.globalsign.com">https://r1.globalsign.com</a></p>
<p>Your OS should have a way to update it's trusted certificate
list, as well.</p></div>
Eric Hodel
tag:help.rubygems.org,2010-01-19:Comment/41042420
2016-10-20T20:34:26Z
2016-10-20T20:34:26Z
SSL Verify failed
<div><p>See also: <a href="https://support.globalsign.com/customer/portal/articles/1426272-expiration-of-old-globalsign-2014-root-ca-certificate">
https://support.globalsign.com/customer/portal/articles/1426272-exp...</a></p></div>
Eric Hodel
tag:help.rubygems.org,2010-01-19:Comment/41042420
2016-10-21T14:36:41Z
2016-10-21T14:36:42Z
SSL Verify failed
<div><ul>
<li>The problem is that 10.10.5 has an outdated
/etc/openssl/cert.pm. Probably because it has an old OpenSSL that
Apple no longer updates.
<ul>
<li>I also had an old OpenSSL installed via Home Brew.</li>
<li>I used brew to upgrade my OpenSSL</li>
<li>I copied /usr/local/etc/cert.pm and overwrote the one in
/etc/openssl/cert.pm</li>
</ul>
</li>
</ul>
<p>Problem fixed ... I guess my ultimate fix is to get off
10.10.5</p></div>
Andre Henry