Fixing “Could not verify the SSL certificate”

We have received reports that a limited number of customers were experiencing SSL certificate errors when using Gemfury with RubyGems or Bundler. This was happening quite unpredictably and we have been having trouble tracking down the environment and steps to reproduce this following error: Could not verify the SSL certificate for… Given that we are still hearing about this problem, we are posting this article to summarize the steps that have helped to remedy this issue. Vulnerability Explained

After evaluating Gemfury’s processing of RubyGems, we feel it is important to share our understanding and bring awareness to possible security issues when parsing untrusted YAML input.

On January 30, 2013, the community package server was compromised with a rogue code execution vulnerability. The all-volunteer team sprung to action and in the following 53 hours yanked the expoit, patched the vulnerability, verified all the existing gems, and migrated the service to AWS. As of today, the service has been restored and deemed safe for use.


Installing private RubyGems

Once you have signed up for a Gemfury account and uploaded a few Gems, you can install them via the command-line, or with a Bundler Gemfile. Your private Source URL The secret Source URL is the RubyGems endpoint for your Gemfury account. Do not share this URL to keep your account private. To retrieve this URL, follow these steps: Go to your dashboard Select the Get Started tab and then RubyGems 

Private Gems on Heroku

Gemfury is your personal cloud for your private and custom RubyGems. Once you upload your RubyGem and enable Gemfury as a source, you can securely deploy any gem to any host. It’s simple, reliable, and hassle-free. Is this right for you? Heroku add-on is easy to activate, but it provides a limited subset of Gemfury functionality. If you would like to learn about all the options available, please visit Gemfury homepage or learn more about using Gemfury with Rubygems. 

Introducing Gemfury for Ruby

Today we’re officially launching Gemfury to finally bring all the conveniences of RubyGems to your private Gems. What started as an internal collection of scripts has finally turned into a “real thing.” We love using it, and hope that you will too.

Gemfury Screenshot