Homebrew and `puma-dev` and microservices Getting local servers with puma-dev certificates to communicate to each other over SSL

When you’re writing server to server communication locally, and these servers are running behind some proxy like puma-dev that enables SSL connections, you may face issues with OpenSSL (or variant) not trusting the connections. That is good, you want OpenSSL not to trust just any random certificate. But how to make it pass?

Your web browser probably allows you to visit a page on a server and even approve the certificate. You should then export the chain as .pem (Firefox makes this pretty easy: click on the lock, view security, view certificate, go to the “CA”-tab for that certificate and export the chain.

This PEM chain is just a plain text file, containing the public certificates of your local ‘CA’ (created by Puma-Dev)

Copy the text using an editor of choice.

And now open up: /opt/homebrew/etc/ca-certificates/cert.pem and add it.

Also make sure that everything uses this cert.pem by symlinking it to this file, so for example with ruby run

 $ ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE' 

and

$ ln -s /opt/homebrew/etc/ca-certificates/cert.pem $THEPATHRETURNED