When you're writing server to server communication locally, and these servers are running behind some proxy like puma-dev that enables SSL connections, you may face issues with OpenSSL (or variant) not trusting the connections. That is good, you want OpenSSL not to trust just any random certificate. But how to make it pass?
Your web browser probably allows you to visit a page on a server and even approve the certificate. You should then export the chain as .pem (Firefox makes this pretty easy: click on the lock, view security, view certificate, go to the "CA"-tab for that certificate and export the chain.
This PEM chain is just a plain text file, containing the public certificates of your local 'CA' (created by Puma-Dev)
Copy the text using an editor of choice.
And now open up: /opt/homebrew/etc/ca-certificates/cert.pem and add it.
Also make sure that everything uses this cert.pem by symlinking it to this file, so for example with ruby run
$ ruby -ropenssl -...
- twitter 22 Jan 900 #microservices (zo noemen ze het hier niet) @Belastingdienst vet hip! https://t.co/enyHyV0YRi
- twitter 16 Oct ´19 #Microservices based architecture may work when the services are available when you're developing. Not when you nee… https://twitter.com/i/web/status/1184460633389125632
Dit artikel van murblog van Maarten Brouwers (murb) is in licentie gegeven volgens een Creative Commons Naamsvermelding 3.0 Nederland licentie .