Hello! I have a pfx certificate with which I need to log in to a specific URL to receive and send data. Certificate self-signed.

Made from it pem files:

 openssl pkcs12 -in client_ssl.pfx -out client_smsgate-in.pem -clcerts openssl pkcs12 -in client_ssl.pfx -out ca_client_smsgate-in.pem -cacerts

Then I try to connect:

 require "net/https" require "uri" uri = URI.parse("myurl.ru") pem = File.read("client_smsgate-in.pem") http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true http.ca_file = File.read("ca_client_smsgate-in.pem") http.verify_mode = OpenSSL::SSL::VERIFY_PEER http.cert = OpenSSL::X509::Certificate.new(pem) http.key = OpenSSL::PKey::RSA.new(pem, 'pass') request = Net::HTTP::Get.new(uri.request_uri) response = http.request(request)

It gives an error: lib/ruby/2.2.0/net/http.rb:923:in 'connect': SSL_connect returned=1 errno=0 state=unknown state: certificate verify failed (OpenSSL::SSL::SSLError) If you put OpenSSL::SSL::VERIFY_NONE then works. Tell me what's wrong, because I CA cert pointed to him?

  • Try to connect to the server using openssl s_client and look at the certificate to be given: who signed it, if there are intermediate CAs, what dates, etc. - Roman Khimov
  • The public key CA is needed to verify the server certificate, is it also self-signed? - D-side

0