The particular case of Ruby Gems (the command line tool) is that it requires to bundle inside of its code the trust certificates, which allow Ruby Gems to establish a connection with the servers even when base operating system is unable to verify the identity of them.
Up until a few months ago, this certificate was provided by one CA, but newer certificate is provided by a different one.
Make your own gem Gems with Extensions Name your gem Publishing your gem Security Practices SSL Certificate Update Patterns Specification Reference Command Reference Ruby Gems API Ruby API Run your own gem server Resources Contributing to Ruby Gems Frequently Asked Questions Plugins Credits in the window you already have open.
$ sudo gem update --system ERROR: While executing gem ...
The Debian-supported way to update rubygems is through apt-get, using Debian official repositories.
If you really know what you are doing, you can still update rubygems by setting the REALLY_GEM_UPDATE_SYSTEM environment variable, but please remember that this is completely unsupported by Debian.
You are responsible for knowing the source of the gems that you are using.
In a setting where security is critical, you should only use known-good gems, and possibly perform your own security audit on the gem code.