Error! Could not verify Stripe's SSL certificate. - ruby-on-rails

I am trying to use Stripe with my Ruby app and keep getting this error:
Error! Could not verify Stripe's SSL certificate. Please make sure that your network is not intercepting certificates. (Try going to https://api.stripe.com/v1 in your browser.) If this problem persists, let us know at support#stripe.com. (Network error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed).
Why am I getting this? Any help would be greatly appreciated.
Thanks!

Stripe's Ruby bindings verify the HTTPS certificate on Stripe's servers (api.stripe.com) to ensure you're really communicating with Stripe and not with a malicious third-party (a.k.a. a "man-in-the-middle attack").
There are a number of reasons that can cause this error. First, you should make sure you're using the latest versions of the following:
the stripe-ruby gem
the rest-client gem
Ruby
OpenSSL
If you're working in a corporate environment, it's possible your firewall replaces HTTPS certificates in order to be able to decrypt HTTPS traffic. (This is essentially the same thing as a man-in-the-middle attack.)
If you're still having this issue, you can disable the SSL verification by including this line:
Stripe.verify_ssl_certs = false
However, I would strongly advise against doing this. It might be okay in a development environment, but you should never do this in a production environment.
EDIT: We're currently investigating this issue -- it seems it might have been introduced in a recent version of the stripe-ruby gem. For now, it seems downgrading to version 1.34.0 will fix the "Could not verify Stripe's SSL certificate" issue.

Open terminal.
Run command $curl -v https://api.stripe.com
For intermittent issue like I had you may have to run this command 10 to 20 times back to back. Then stop and start again until you see the error.
The IP address it attempts to connect to should match an IP address of the domain you are trying to access. For stripe you can check valid ip addresses here https://stripe.com/docs/ips
If the IP address does not match or if the IP address is the same as your network then you could be experiencing man in the middle attack.
In my case I was experiencing this issue with aws and stripe because they use curl to connect. Returning error 60 no alternative certificate subject name matches target host name.
A workaround is to edit /etc/hosts file.
Hard code an IP address of the endpoint
XXX.XXX.X.X api.stripe.com
This will stop the issue, but should be revisited because your application will fail in the future if the IP address for the endpoint is changed or removed.

Related

Rails Heroku Cloudflare SSL and websockets

I have set up my Rails app on Heroku and used the information in the post: Heroku + Cloudflare completely free SSL to get SSL working for free, but my websockets connection does not work. I get the error WebSocket connection to 'wss://www.myapp.com/websocket' failed: Error during WebSocket handshake: Unexpected response code: 200. I understand that this is due to Cloudflare not supporting websockets in their free plans and they suggest setting up a subdomain that does not pass through Cloudflare. The problem of course is that the subdomain cannot then use the 'free' SSL setup.
Is there anyway I can get this to work, or do I have to shell out for either SSL support on Heroku or Websocket support on Cloudflare?
I know this is an old thread.
But now cloudflare supports websocket for free plan as well. It just restricts the ports which can be used.
I recently encountered this situation and could implement the websockets through cloudflare.
Can refer my approach here
May help someone.

API attempt from Heroku results in DNS error 'SocketError: Hostname not known'

I'm running an application on Heroku that attempts to connect to MailChimp using the Gibbon gem (to add an email address to a mailing list). The API connection fails. The Heroku error logs show:
SocketError: getaddrinfo: Name or service not known
I saw a blog post (thanks Mike Subelsky)
that recommends adding require 'resolv-replace.rb' to the application in a config/initializer/requires.rb file, so I tried that. Now the Heroku error logs show:
SocketError: Hostname not known: 8c7d675bb0b8.api.mailchimp.com
I'm not sure where the strange hostname comes from. The host "api.mailchimp.com" exists but "8c7d675bb0b8.api.mailchimp.com" doesn't exist.
The application works in development on my local machine. And other applications on Heroku that use the same code also work without a problem.
What's going on and how can I fix it?
I had this same issue and finally found what was causing it. When I set my api key on Heroku, I was missing the -us4 on the end. The Mailchimp api library splits on the "-" and prepends the us4 to build the api url.

Why the SSL connection to the remote server could not be established?

My project is on Ruby On Rails.
I am using activemerchant gem for authorize.net payment gateway.
Recently I have renewed SSL license.
When I am trying to update info it gives me error The SSL connection to the remote server could not be established.
I am using CIM module for authorize.net.
Please help me with this.
Below Links might be helpful:
http://railsapps.github.io/openssl-certificate-verify-failed.html
bundle install fails with SSL certificate verification error
https://github.com/rubygems/rubygems/issues/515
http://www.buildingwebapps.com/articles/79189-using-ssl-in-rails-applications
http://blog.dynamic50.com/2011/02/15/ssl-on-wildcard-domains-on-heroku-using-godaddy/
http://railsapps.github.io/openssl-certificate-verify-failed.html

Worklight adapter connecting to backend over SSL

WL 5.0.6, HTTP adapter, running on Liberty
We want to make simple connection from our adpater to a backend over SSL, the backend team have provided us their certificate.
Our symptom is
FWLSE0101E: Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
We have read the infocenter here but clearly have got something wrong. Steps we took
Used the JRE keystore tool to add the cert to a keystore.
Adjusted the worklight properties to point to the kaystore.
Restarted the WL Server
Any suggestions for how to diagnose or fix?
The issue in this case was that the certificate referenced hosts that were not visible to our DNS server. We worked around this by adding entries to /etc/hosts.

Rails 3, mail and OpenSSL problems

I keep getting this error in my production enviroment
OpenSSL::SSL::SSLError (hostname was not match with the server certificate)
I really don't know much about certificates. I have configured rails to use sendmail. Sendmail is working well in other php applications on the server.
I use Phusion Passenger.
I also have a redmine-app which uses sendmail and also works fine (but it runs rails 2.x)
Any idea how to solve this?
This means the SSL Certificate installed on the mail server did not match its hostname.
You can disable these exceptions, but then you are vulnerable to man-in-the-middle attacks.
The other option is to get a proper SSL Certificate (or install it correctly) for your mail server.
For more on SSL Certs I suggest superuser.com

Resources