What to do when you get "SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)"

The authentication request to Forest was failing for us with the error SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain):

It turns out that the forest-rails gem uses the Rails cache during the authentication. We use Redis as our cache store, through the Heroku Redis addon. And Redis 6 sometimes has issues with self-signed certificates. This is documented here: Redis Connection Issues - Heroku Help

We resolved the issue by adding the verify_mode: OpenSSL::SSL::VERIFY_NONE parameter when setting up the Rails cache store:

config.cache_store = :redis_cache_store, {
    url: ENV.fetch('REDIS_URL'),
    # Necessary for Redis 6 and our SSL certificate (see
    # https://help.heroku.com/HC0F8CUS/redis-connection-issues)
    ssl_params: {
      verify_mode: OpenSSL::SSL::VERIFY_NONE
    }
  }

I posted this to help anyone who has this issue and doesn’t know what to do. Maybe this can fix the issue for them too.

2 Likes

Hi @yoran, thanks a lot for sharing this tip! :heart: