SOAP - issue with openssl verification failure

[Venkat Alla]

I have the following code in a script that I am trying to use at work -

#!/usr/local/bin/ruby

require 'rubygems'
require 'soap/wsdlDriver'

wsdl = 'myURL'
driver = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver

I have a working perl snippet given, which uses SOAP::Lite. I want to
use ruby to code my script, but unable to go past the above lines.

Here is the error I am receiving -


at depth 0 - 20: unable to get local issuer certificate
OpenSSL::SSL::SSLError: certificate verify failed

I am stuck for hours trying to figure a way out. Please help.

Thanks in advance.

 

[Steven Williamson]

[Note: parts of this message were removed to make it a legal post.]

This isn't a ruby problem looks like your connecting to a server using ssl
which has self signed certificate. Hence it can't be verifid. If you get
hold of the cert you can add it to your trusted certs list. But brware this
means your trusting the certificate implicitly.

Fine for testing though.


I have the following code in a script that I am trying to use at work -

#!/usr/local/bin/ruby

require 'rubygems'
require 'soap/wsdlDriver'

wsdl = 'myURL'
driver = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver

I have a working perl snippet given, which uses SOAP::Lite. I want to
use ruby to code my script, but unable to go past the above lines.

Here is the error I am receiving -


at depth 0 - 20: unable to get local issuer certificate
OpenSSL::SSL::SSLError: certificate verify failed

I am stuck for hours trying to figure a way out. Please help.

Thanks in advance.

 

[Joe Gutierrez]

I am having the same problem. Is adding the cert to your trusted certs
list a Ruby thing or a system related task? It seems that it's not
possible to specify options to SOAP::WSDLDriverFactory.new, such as an
SSL cert .

Joseph Gutierrez
Web Developer - Inc21
(e-mail address removed)

 

[Joe Gutierrez]

How do you add a cert to your list of trusted certs? Is it possible to
specify a cert a some point when creating a new SOAP::WSDLDriverFactory?

Joseph Gutierrez
Web Developer - Inc21
(e-mail address removed)

I am having the same problem. Is adding the cert to your trusted certs
list a Ruby thing or a system related task? It seems that it's not
possible to specify options to SOAP::WSDLDriverFactory.new, such as an
SSL cert .

Joseph Gutierrez
Web Developer - Inc21
(e-mail address removed)

 

[Venkat Alla]

I am using ruby 1.8.6 on Mac OS X box. Forgot to mention that in my
first post. Please let me know if you have any thoughts on this. I am
still stuck on this

 

[Steven Williamson]

[Note: parts of this message were removed to make it a legal post.]

Hi guys,

To add the certs to your trusted list using openssl at least you can google
for the procedure. Basicaly you add the cert to /etc/openssl/certs and
create a symlink to it. The symlinks name should be the fingerprint of the
certificate. Openssl will then trust the cert.

As for macosx I have no idea I don't run it

You could also search the ruby api docs there should be an option to disable
the verification of certificates. Though this may not be an option.

Cheers

Steve.


I am using ruby 1.8.6 on Mac OS X box. Forgot to mention that in my
first post. Please let me know if you have any thoughts on this. I am
still stuck on this

-- Posted via http://www.ruby-forum.com/.

 

[Venkat Alla]

This is for my tool at the place of work and there is no harm in
trusting this cert as it belongs to one of our internal groups. I have
saved the certificate using firefox. But not sure how to make the
openssl to trust it. Any clues will be greatly appreciated.

Thanks
Venkat

 

[Steven Williamson]

[Note: parts of this message were removed to make it a legal post.]

Hi,

You can follow the guide at:
http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl

Cheers
Steve

 

[Venkat Alla]

Thanks Steve for the link. I thought I did pretty much everything
mentioned in that page but still getting this error -

"error 20 at 0 depth lookup:unable to get local issuer certificate"

 

[Yesh Sriram]

I am having the same problem. Is adding the cert to your trusted certs
list a Ruby thing or a system related task? It seems that it's not
possible to specify options to SOAP::WSDLDriverFactory.new, such as an
SSL cert .

Joseph Gutierrez
Web Developer - Inc21
(e-mail address removed)

If you want to ignore SSL verification simply set the following property
on the driver object

obj.options["protocol.http.ssl_config.verify_mode"] =
OpenSSL::SSL::VERIFY_NONE

I got the answer from soap4r discussion in google groups.
http://groups.google.com/group/soap4r

- Yesh