In Files

  • openssl/lib/openssl/x509.rb
  • openssl/ossl_ssl_session.c


Class/Module Index [+]



Document-class: OpenSSL::X509::Store

The X509 certificate store holds trusted CA certificates used to verify
peer certificates.

The easiest way to create a useful certificate store is:

  cert_store =

This will use your system's built-in certificates.

If your system does not have a default set of certificates you can
obtain a set from Mozilla here:
(Note that this set does not have an HTTPS download option so you may
wish to use the script to extract the certificates
from a local install to avoid man-in-the-middle attacks.)

After downloading or generating a cacert.pem from the above link you
can create a certificate store from the pem file like this:

  cert_store =
  cert_store.add_file 'cacert.pem'

The certificate store can be used with an SSLSocket like this:

  ssl_context =
  ssl_context.cert_store = cert_store

  tcp_socket = '', 443

  ssl_socket = tcp_socket, ssl_context

Commenting is here to help enhance the documentation. For example, code samples, or clarification of the documentation.

If you have questions about Ruby or the documentation, please post to one of the Ruby mailing lists. You will get better, faster, help that way.

If you wish to post a correction of the docs, please do so, but also file bug report so that it can be corrected for the next release. Thank you.

If you want to help improve the Ruby documentation, please see Improve the docs, or visit

blog comments powered by Disqus