我正在尝试设置一个私有geminabox服务器来保存我的项目正在开发的一些宝石。我有服务器设置,乘客nginx运行geminabox作为机架应用程序。我能够在不使用SSL的情况下捆绑安装指向服务器。
由于裸HTTP流量永远不是理想的,我也想添加SSL。为了获得一个概念验证工作,我添加了一个SSL证书并验证我仍然可以看到我安装了gem的geminabox前端。
当我回到我的ruby项目时,我运行一个bundle install并获取:
Could not verify the SSL certificate for https://********.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
在错误消息给我的链接之后,我决定首先添加〜/ .gemrc以及内容:
:ssl_verify_mode: 0
(不理想,而不是永久解决方案)。现在我明白了:
Fetching source index from https://***.com/
Resolving dependencies...
Could not verify the SSL certificate for
https://***.com/quick/Marshal.4.8/sqlite3-1.3.10-x86-mswin32-60.gemspec.rz.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA
certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without
using SSL, edit your Gemfile sources and change 'https' to 'http'.
我的问题是,如何在捆绑器中正确设置SSL验证?我应该使用另一种设置吗?感谢您提供任何帮助......
我的系统:
Ubuntu 14.04
Ruby 2.1.2
Bundler版本1.8.4
答案 0 :(得分:2)
这里是如何指定自定义CA证书文件的路径,而不是回答如何禁用验证(我不确定如何或是否可能,我不推荐它),这是一个更安全的解决方案:
bundle config --global ssl_ca_cert /path/to/file.pem
来源http://bundler.io/man/bundle-config.1.html#LIST-OF-AVAILABLE-KEYS