Original source: http://stackoverflow.com/questions/10728436/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Asked by aren55555
I used RVM to install Ruby 1.9.3 on Ubuntu 12.04 by doing
rvm pkg install openssl
rvm install 1.9.3 --with-openssl-dir=$rvm_path/usr
And then when I try to run something along the lines of:
require 'open-uri'
open('https://www.google.com/')
I get the error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
How do I solve this? I have many similar threads where people have this problem in OSX, but how do I resolve it in Ubuntu?
Thanks for your help.
Answered by emboss
That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.
In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:
export SSL_CERT_FILE=/etc/pki/tls/cert.pem
That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.
To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.
Answered by Andrei Radulescu
The cacert.pem file is missing from rvm installed openssl.
$ cd $rvm_path/usr/ssl
$ sudo curl -O http://curl.haxx.se/ca/cacert.pem
$ sudo mv cacert.pem cert.pem
Answered by Meekohi
Add the 'certified' gem to your Gemfile.
More info: https://rubygems.org/gems/certified
Answered by dutchstrider
See http://jjinux.blogspot.nl/2012/02/ruby-working-around-ssl-errors-on-os-x.html as an alternative answer to your question, it should work for both Ubuntu and Mac OS X users and it doesn't require a change in the environment variables.
The solution from the above link:
# config/initializers/fix_ssl.rb
#
# Work around errors that look like:
#
#   SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=

    def use_ssl=(flag)
      # Ubuntu (File.exist? replaces File.exists?, which was removed in Ruby 3.2)
      if File.exist?('/etc/ssl/certs')
        self.ca_path = '/etc/ssl/certs'
      # MacPorts on OS X
      # You'll need to run: sudo port install curl-ca-bundle
      elsif File.exist?('/opt/local/share/curl/curl-ca-bundle.crt')
        self.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
      end
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
      self.original_use_ssl = flag
    end
  end
end
Answered by Kim Miller
This did now work for me. Things started working when I ran "brew doctor", which led me to clues like "unset SSL_CERT_DIR".
Answered by Gavin Miller
Check your system clock!!
Hit this error on a virtual machine after a long period (1 week) without use. Updating my system clock fixed the issue immediately.
If you're running ntpd then ntpdate -b -u pool.ntp.org will do that for you.
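The two causes named in the answers above (OpenSSL cannot find a trusted root bundle; the system clock is wrong) can be told apart by the verification error code, as this added example shows offline; it is not code from any of the answers. The root and leaf certificates, the names, the BASE time and the helpers make_cert, check and scenarios are all constructed for illustration.

```ruby
require 'openssl'

DAY  = 86_400
BASE = Time.utc(2024, 1, 1) # constructed reference time, not a real issuance date

# Build a throwaway certificate; issuer and issuer_key are nil for the self-signed root.
def make_cert(cn, key, issuer, issuer_key, not_before, not_after, ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = make_cert('Constructed Test Root', ROOT_KEY, nil, nil, BASE - 365 * DAY, BASE + 3650 * DAY, true)
LEAF = make_cert('server.example', LEAF_KEY, ROOT, ROOT_KEY, BASE, BASE + 90 * DAY, false)

# Verify LEAF against the trusted `roots` as if the system clock read `clock`.
# Returns [ok, OpenSSL error code, error string].
def check(roots, clock)
  store = OpenSSL::X509::Store.new
  roots.each { |ca| store.add_cert(ca) }
  store.time = clock
  ok = store.verify(LEAF)
  [ok, store.error, store.error_string]
end

# One result per situation described in the answers.
def scenarios
  {
    'root present, clock correct'  => check([ROOT], BASE + 30 * DAY),
    'no root bundle (empty store)' => check([], BASE + 30 * DAY),
    'clock a week behind issuance' => check([ROOT], BASE - 7 * DAY),
    'clock past expiry'            => check([ROOT], BASE + 120 * DAY)
  }
end

scenarios.each { |name, (ok, code, msg)| puts format('%-30s ok=%-5s %2d %s', name, ok, code, msg) }
```

A missing-issuer code points at the CA bundle path (SSL_CERT_FILE, SSL_CERT_DIR or the compiled-in OpenSSL directory), while a not-yet-valid or expired code points at the clock or the certificate itself.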

