General Category => General Discussion => Topic started by: ferrix on February 15, 2008, 12:47:05 AM

Title: Getting CA certificates, re-examined
Post by: ferrix on February 15, 2008, 12:47:05 AM
For -s (--ssl) You used to be able to use just one certificate (with SSL_CERT_FILE) to identify all the s3.amazonaws.com, but recently AWS has started using more than one CA.  So oops, syncs will start failing....

There is a debian package ca-certificates; this is what I'm using now.
apt-get install ca-certificates
and then use:

But what if you don't know how to get certs for your platform in a format that ruby can digest?
Well first I recommend seeing if your vendor has a "correct" way to get a trusted CA list set up. 

In case it's helpful, I synced my "/etc/ssl/certs" dir to ServEdge_pub:s3sync/certs
So you can pull my copy of the certs dir down if you want.  It turns out all the cert files are just symlinks to the ca-certificates.crt file.  So you could just use s3cmd to get ServEdge_pub:s3sync/certs/ca-certificates.crt, and then use the SSL_CERT_FILE setting to point ruby at that.  That's how I do it in Windows, because the symlinks don't translate cross platform anyway.

Title: Re: Getting CA certificates, re-examined
Post by: maelcum on February 15, 2008, 07:36:07 AM
Works like a charm.
Thanks for providing the ca-certificates.cer directly! Makes things so much easier.