SSL upgrades on rubygems and RubyInstaller versions

‘unable to download … ssl error’ .. You get this error when trying to pull updates from ruby gems.

This is a brief explanation of the problem and the workaround.


For those who are not familiar with SSL and certificates, there are many parts that make secure serving of content possible.

SSL certificates are used on the website, which are obtained from a certificate authority (CA) and generated from a private key, along with its respective signature.

Normally and up until a few months ago, private key signatures used SHA-1 as way to provide a digest (or checksum) of the private key without distributing the key itself (remember, needs to remain private).

SHA-1 has been encountered weak and lot of web servers and sites have been upgrading towards SHA-2 (specifically SHA256 or higher) in order to prepare for the browsers changes.

Specific problem with RubyGems

The particular case of RubyGems (the command line tool) is that it requires to bundle inside of its code the trust certificates, which allow RubyGems to establish a connection with the servers even when base operating system is unable to verify the identity of them.

Up until a few months ago, this certificate was provided by one CA, but newer certificate is provided by a different one.

Because of this, existing installations of RubyGems would have to been updated before the switch of the certificate and give enough time for the change to spread (and people to update).

As what normally happens with software, things might get out of sync and coordinate such effort, to the size and usage of is almost impossible.

We had discussed also on IRC, and patches and backports were provided to all major branches of RubyGems: 1.8, 2.0, 2.2 and 2.4

You can find the commits associated with these changes here:

Problem is, only RubyGems 2.4.4 got released, leaving Ruby installation with 1.8, 2.0 and 2.2 in a broken state.

Specially since RubyGems 2.4 is broken on Windows.

Please understand this could happen to anyone. Release multiple versions of any software in a short span of time and be very time sensitive is highly complicated.

Even if we have official releases of any of the versions that correct the issue, it will not be possible install those via RubyGems (chicken-egg problem described before).

Once official releases are out, installation might be simpler. In the meantime, please proceed using the instructions described below.

Installing using update packages (NEW)

Now that RubyGems 1.8.x, 2.0.x and 2.2.x have been released, you can manually update to those versions.

First, download the proper version of RubyGems for your installation (eg. if running version 1.8.28, download 1.8.30).

Note: To find the version of RubyGems you’re using, please run gem --version in the command line.

You can find download links at GitHub under Releases.

Now, locate rubygems-update-X.Y.Z.gem where X.Y.Z will be the matching version for the version of RubyGems you need to update:

  • Running 1.8.x: download 1.8.30
  • Running 2.0.x: donwload 2.0.15
  • Running 2.2.x: download 2.2.3

Please download the file in a directory that you can later point to (eg. the root of your harddrive C:\)

Now, using your Command Prompt:

C:\>gem install --local C:\rubygems-update-1.8.30.gem
C:\>update_rubygems --no-ri --no-rdoc

After this, gem --version should report the new update version.

You can now salefy uninstall rubygems-update gem:

C:\>gem uninstall rubygems-update -x
Removing update_rubygems
Successfully uninstalled rubygems-update-2.2.3

Manual solution to SSL issue

If you have read the above detail that describe the issue, thank you.

Now, you want to manually fix the issue with your installation.

Steps are simple:

  • Step 1: Obtain the new trust certificate
  • Step 2: Locate RubyGems certificate directory in your installation
  • Step 3: Copy new trust certificate
  • Step 4: Profit

Step 1: Obtain the new trust certificate

If you’ve read the previous sections, you will know what this means (and shame on you if you have not).

We need to download AddTrustExternalCARoot-2048.pem.

Use the above link and place/save this file somewhere you can later find easily (eg. your Desktop).

IMPORTANT: File must have .pem as extension. Browsers like Chrome will try to save it as plain text file. Ensure you change the filename to have .pem in it after you have downloaded it.

Step 2: Locate RubyGems certificate directory in your installation

In order for us copy this file, we need to know where to put it.

Depending on where you installed Ruby, the directory will be different.

Take for example the default installation of Ruby 2.1.5, placed in C:\Ruby21

Open a Command Prompt and type in:

C:\>gem which rubygems

Now, let’s locate that directory. From within the same window, enter the path part up to the file extension, but using backslashes instead:

C:\>start C:\Ruby21\lib\ruby\2.1.0\rubygems

This will open a Explorer window inside the directory we indicated.

Step 3: Copy new trust certificate

Now, locate ssl_certs directory and copy the .pem file we obtained from previous step inside.

It will be listed with other files like GeoTrustGlobalCA.pem.

You should be able to install Ruby gems without issues now.

How to install moodle in Kali (Debian)

Web Server (Apache highly recommended)
Database Server (MySQL or PostgreSQL recommended)
PHP, PHP-MySQL mod (or mod for your database)
Various PHP modules necessary for Moodle
-apt-get install apache2 php5 mysql-server php5-mysql libapache2-mod-php5 php5-gd php5-curl php5-xmlrpc php5-intl php-mbstring curl libcurl3-dev libcurl3
#(important for postgresql database usage)
-apt-get install php5-pgsql
-apt-get install clamav-base clamav-freshclam clamav(The clamav package will support virus checking on file uploads into Moodle. May have to run it again
to configure properly)

then change php settings by opening this file: php.ini
-vi /etc/php5/apache2/php.ini
then add these lines under Dynamic extensions
(here you are configuring php to communicate properly with mysql)

(here you are configuring php to communicate properly with postgresql)

then search and adjust these values accordingly
memory_limit=40M(mine was 128M so i didnt change)
post_max_size = 80M
upload_max_filesize = 80M

SETUP DATABASE(Postgresql recommended)
login to automatic postgres user(its the default user for postgresql)
-sudo su postgres
Log into the PostgreSQL command line client
-psql -U postgres
After some preamble you should see the prompt postgres=#.

Create the user for the Moodle database and assign a password:
-CREATE USER moodleuser WITH PASSWORD ‘moodleuser123’;

Create the database:
postgres=# CREATE DATABASE moodle WITH OWNER moodleuser;

**Character set and encoding
CREATE DATABASE moodle WITH OWNER moodleuser ENCODING ‘UTF8′ LC_COLLATE=’en_US.utf8′ LC_CTYPE=’en_US.utf8’ TEMPLATE=template0;

first create a directory where moodle will be installed
-mkdir /var/www/moodle
-Download moodle from the site:
go to the directory containing the download
– tar xzpf moodle-latest-28.tgz -C /var/www/
make moodledata directory
-mkdir /var/www/moodle/moodledata

Set permissions(www-data is apache in debian)
-chown -R www-data:www-data /var/www/moodle/moodle/
-chmod -R 0755 /var/www/moodle/moodle/

-chown -R www-data:www-data /var/www/moodle/moodledata/
-chmod 0755 /var/www/moodle/moodledata/

(Optional step,though this is what i did;saves time typing the whole path to the moodle directory)
Change Apache to use Moodle as website
Note that the server comes with Apache running and looking at the /var/www directory. But there is nothing in that folder, so one just gets a redirect. Edit as follows to have it point at Moodle instead:
-vi /etc/apache2/sites-available/default

On about line 4, change DocumentRoot “/var/www/moodle/moodle” to
DocumentRoot “/var/www/moodle”
On about line 10, change <Directory “/var/www/moodle/moodle”> to
<Directory “/var/www/moodle/”>

Final Install
(if option above was used,first time install = localhost/install.php)

type : localhost/moodle/moodle in browser

How to install Odoo/Openerp in Kali (Debian)

After clean install
– update and upgrade system

Add user ‘openerp’ and such that it belongs to group’openerp’
–sudo adduser –system –home=/opt/openerp –group openerp.
-sudo su – openerp -s /bin/bash

login in back as root create passwd and add user to sudo
create password for user ‘openerp’as root
-passwd openerp

Add openerp to sudo group
usermod -a -G sudo openerp

Install postgresql
-sudo apt-get install postgresql
-sudo apt-get install pgadmin3
then start service:
– sudo service postgresql start
then log in postgre
-sudo su postgres e.g openerp@openerp-desktop:/$ sudo su postgres
then create user openerp
-createuser openerp
(y for super user)
view table created
-psql -l
select template and add rights
-psql template1
-template1=# alter role openerp with password ‘postgres’;
then exit (Ctrl+D)

Installation of Odoo


log on as root
(-adding the download URL (address) to the aptitude repository sources as root)

-echo “deb ./” >> /etc/apt/sources.list
then update system
-apt-get update
(Note: The OpenERP package itself is not signed, and a cryptographic key is not provided. Therefore, aptitude will warn you that it can not be authenticated, requesting you to install it without verification)
then install openerp

logon back as openerp
-sudo mkdir /var/lib/openerp
-apt-get install openerp
confirm dependancies and without verification
then start apache2
-service apache2 start

Add the following line to the openerp-server.conf/odoo-server.conf file:
logfile = /var/log/openerp/openerp-server.log/(logfile = /var/log/odoo/odoo-server.log)
-vi /etc/openerp/openerp-server.conf

then make the log file
-sudo mkdir /var/log/openerp OR (odoo) depending

Add permissions
add permissions to user ‘openerp’ to the openerp-server configuration file
-sudo chown openerp: /etc/openerp/openerp-server.conf
sudo chmod 640 /etc/openerp/openerp-server.conf

add permissions to openerp,assuming the openerp server is running under user’openerp’,to install addons
-chmod 775 /usr/lib/python2.7/dist-packages/openerp/addons/
-chown root.openerp /usr/lib/python2.7/dist-packages/openerp/addons/

-To start the Odoo server type:
sudo /etc/init.d/openerp start
sudo service openerp start

Download the latest file
Install OpenERP server.
-sudo dpkg -i openerp_6.1-1-1_all.deb
-sudo apt-get install openerp -f
reboot and start server

Access the Web Client using http://ip:8069
in case of this error:DataError: new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII
do the following:
sudo -u postgres psql postgres
update pg_database set datallowconn = TRUE where datname = ‘template0’;
\c template0
update pg_database set datistemplate = FALSE where datname = ‘template1’;
drop database template1;
create database template1 with template = template0 encoding = ‘UTF8’;
update pg_database set datistemplate = TRUE where datname = ‘template1’;
\c template1
update pg_database set datallowconn = FALSE where datname = ‘template0’;
(press Ctrl-D to quit from psql)
restart odoo and try again.