OpenSSL::X509::Store

The X509 certificate store holds trusted CA certificates used to verify peer certificates.

The easiest way to create a useful certificate store is:

cert_store = OpenSSL::X509::Store.new
cert_store.set_default_paths

This will use your system's built-in certificates.

If your system does not have a default set of certificates you can obtain a set extracted from Mozilla CA certificate store by cURL maintainers here: curl.haxx.se/docs/caextract.html (You may wish to use the firefox-db2pem.sh script to extract the certificates from a local install to avoid man-in-the-middle attacks.)登录查看完整内容