[RAILS] How to resolve SSL_connect error in PayPal Ruby SDK

Introduction

Recently, I got an error with PayPal Ruby SDK, but the solution is that there is no Japanese information even if I search Google, and English is hardly hit, so make a note. It seems to have happened in the last few days.

SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

1. Cause

The cause is on the PayPal side. PayPal Ruby SDK Gem has packaged the SSL certificate internally, and this certificate was recently removed. I don't know why PayPal made it so that the certificate goes into the Gem, but you can fix it by hacking the SDK.

2. Solution

You can fix it by adding the PEM that is still expired to the certificate inside the SDK and restarting the Rails server.

3. Solution procedure

(1) Download PEM

Download the PEM announced by PayPal in the reference article. I used the DigiCert High Assurance EV Root CA, but I think any one is fine.

Where to get DigiCert High Assurance EV Root CA

Download here: https://www.digicert.com/digicert-root-certificates.htm

Download the DigiCert High Assurance EV Root CA PEM from here.

スクリーンショット 2020-08-04 午後10.29.53.png

(2) Search for the location of paypal.crt in the SDK

For Mac and Unix, use the find command to find it. For Rails apps, look under the application's root directory. In the Production environment, if you don't know where Ruby is, you can use sudo to search all from / (find / -name paypal.crt -print).

Since my server is AWS, I searched under ~ / as follows.

rails_root


[ec2-user@awsome_server ~]$ find ./ -name paypal.crt -print 2>/dev/null
./.rbenv/versions/2.7.0/lib/ruby/gems/2.7.0/gems/paypal-sdk-rest-1.7.4/data/paypal.crt

(3) Add PEM to paypal.crt

Check the contents of the downloaded PEM file.

Local Mac terminal


$ cat DigiCertHighAssuranceEVRootCA.crt.pem
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL

Omitted on the way

Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----

Edit paypal.crt found by find. The following lines 172 to 196 are the added parts. I just added it to the bottom, but note that it requires ====== and is separated by the exact name (DigiCert High Assurance EV Root CA).

Run on rails server


[ec2-user@awsome_server ~]$ sudo vi paypal.crt

    168 CEHwxWsKzH4PIRnN5GfcX6kb5sroc50i2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWX
    169 bj9T/UWZYB2oK0z5XqcJ2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/
    170 D/xwzoiQ
    171 -----END CERTIFICATE-----
    172 DigiCert High Assurance EV Root CA
    173 =======================================================
    174 -----BEGIN CERTIFICATE-----
    175 MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
    176 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
    177 d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
    178 ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
    179 MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
    180 LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug

Omitted on the way

    191 eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
    192 hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
    193 Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
    194 vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
    195 +OkuE6N36B9K
    196 -----END CERTIFICATE-----

(4) Restart Rails server

It depends on the environment, but in my case I can restart with systemctl on AWS, so run it.

AWS


[ec2-user@awsome_server ~]$ sudo systemctl restart rails 

Now the SSL error disappears and you can make API calls normally.

Reference article

Recommended Posts

How to resolve SSL_connect error in PayPal Ruby SDK
How to iterate infinitely in Ruby
How to install Bootstrap in Ruby
How to get date data in Ruby
How to resolve OpenSSL :: SSL :: SSLError: SSL_connect on Ruby paypal-sdk-rest gem
How to display error messages in Japanese
How to find the cause of the Ruby error
[Ruby on Rails] How to display error messages
[Ruby on Rails] How to install Bootstrap in Rails
How to implement Pagination in GraphQL (for ruby)
How to resolve errors that occur in the "Ruby on Rails" integration test
[Ruby] How to use standard output in conditional branching
[Ruby On Rails] How to reset DB in Heroku
How to launch another command in a Ruby program
How to resolve Sprockets :: DoubleLinkError
How to resolve Git conflicts
How to use Ruby return
[Ruby] How to comment out
[Ruby] Introduction to Ruby Error statement
Ruby: How to use cookies
[Ruby] How to write blocks
How to change a string in an array to a number in Ruby
How to resolve Missing Template error when implementing comment function
How to retrieve the hash value in an array in Ruby
How to display a graph in Ruby on Rails (LazyHighChart)
[Ruby] How to batch convert strings in an array to numbers
How to use Lombok in Spring
How to find May'n in XPath
How to hide scrollbars in WebView
How to run JUnit in Eclipse
How to deal with 405 Method Not Allowed error in Tomcat + JSP
Try to implement Yubaba in Ruby
[Rails] How to write in Japanese
How to run Ant in Gradle
How to master programming in 3 months
How to install ruby through rbenv
[Ruby version error] How to solve Your Ruby version is ~, but your Gemfile specified ~
How to use Ruby on Rails
How to learn JAVA in 7 days
How to get parameters in Spark
How to write ruby if in one line Summary by beginner
[Ruby] How to use any? Method
How to use InjectorHolder in OpenAM
[Technical memo] How to resolve errors
How to introduce jQuery in Rails 6
How to use classes in Java?
How to get and add data from Firebase Firestore in Ruby
How to set Lombok in Eclipse
How to solve the unknown error when using slf4j in Java
[Rails] PG :: DuplicateTable: ERROR: relation "users" How to resolve already exists
How to use Ruby inject method
How to concatenate strings in java
How to install Swiper in Rails
AtCoder [Practice A] Technical memo
[Technical memo] How to resolve errors
[Technical memo] What is "include" in Ruby?
How to create a query using variables in GraphQL [Using Ruby on Rails]
What to do and how to install when an error occurs in DXRuby 1.4.7
How to implement gem "summer note" in wysiwyg editor in Ruby on Rails
How to debug the processing in the Ruby on Rails model only on the console
[Ruby] How to prevent errors when nil is included in the operation
How to insert processing with any number of elements in iterative processing in Ruby
[swift5] How to specify color in hexadecimal