This is more of a note-to-self than a full post, but maybe this will be helpful to someone. Anyway, recently I’ve been working mostly with cloud infrastructure, Ruby, and bits of Python. On my OSX machine, Ruby Amazon EC2 libraries would fail, because they could not verify the server (see excon#13). Turns out that OSX, unlike Linux, keeps root CA certificates in its keychain, and not all libraries and programs know how to access it. The default directory for certificates, /System/Library/OpenSSL/certs/, is empty.
What do I do about it? Simple: steal certificates from Debian (using dpkg from MacPorts):
mkdir cacert ; cd cacert
dpkg-deb -x ../ca-certificates_20110421_all.deb .
sudo cp -Rv ./usr/share/ca-certificates/* /System/Library/OpenSSL/certs
Now excon connects to EC2 servers, safe in the knowledge that at least some authority signed off on the connection, and I can sleep safely at night.
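As an added example (not part of the original post), this Ruby script shows how OpenSSL, which Ruby's openssl library wraps, treats a certificate directory: a CA is found there only through a file named `<subject hash>.0`, the naming that `c_rehash` produces. The CA, the leaf certificate, the file names and the helper names are all constructed for the demonstration.

```ruby
require "openssl"
require "tmpdir"

# Constructed test certificate (not a real CA); self-signed when no issuer is given.
def make_cert(cn, key, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = issuer ? 2 : 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# True if OpenSSL can build a chain for `leaf` using only `dir` as its certificate directory.
def trusted_via_dir?(dir, leaf)
  store = OpenSSL::X509::Store.new # no default paths, so only `dir` is consulted
  store.add_path(dir)
  store.verify(leaf)
end

# Write `ca` under the name OpenSSL looks up in a certificate directory: <subject hash>.0
def install_hashed(dir, ca)
  path = File.join(dir, format("%08x.0", ca.subject.hash))
  File.write(path, ca.to_pem)
  path
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("Constructed Test CA", ca_key)
  leaf = make_cert("server.example", OpenSSL::PKey::RSA.new(2048), issuer: ca, issuer_key: ca_key)
  Dir.mktmpdir do |dir|
    results = { empty: trusted_via_dir?(dir, leaf) } # an empty certificate directory
    Dir.mkdir(File.join(dir, "mozilla"))             # constructed sub-directory name
    File.write(File.join(dir, "mozilla", "Test_CA.crt"), ca.to_pem)
    results[:plain_name] = trusted_via_dir?(dir, leaf) # CA on disk, but not under a hashed name
    install_hashed(dir, ca)
    results[:hashed] = trusted_via_dir?(dir, leaf)     # CA reachable as <hash>.0
    results
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The same `trusted_via_dir?` check can be pointed at a real certificate directory and a server certificate saved to disk to confirm the directory is usable.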