Title: Getting CA certificates, re-examined Post by: ferrix on February 15, 2008, 12:47:05 AM For -s (--ssl) You used to be able to use just one certificate (with SSL_CERT_FILE) to identify all the s3.amazonaws.com, but recently AWS has started using more than one CA. So oops, syncs will start failing....
There is a debian package ca-certificates; this is what I'm using now. apt-get install ca-certificates and then use: SSL_CERT_DIR=/etc/ssl/certs But what if you don't know how to get certs for your platform in a format that ruby can digest? Well first I recommend seeing if your vendor has a "correct" way to get a trusted CA list set up. In case it's helpful, I synced my "/etc/ssl/certs" dir to ServEdge_pub:s3sync/certs So you can pull my copy of the certs dir down if you want. It turns out all the cert files are just symlinks to the ca-certificates.crt file. So you could just use s3cmd to get ServEdge_pub:s3sync/certs/ca-certificates.crt, and then use the SSL_CERT_FILE setting to point ruby at that. That's how I do it in Windows, because the symlinks don't translate cross platform anyway. Title: Re: Getting CA certificates, re-examined Post by: maelcum on February 15, 2008, 07:36:07 AM Works like a charm.
Thanks for providing the ca-certificates.cer directly! Makes things so much easier. Cheers maelcum |