After enabling SSL on a couple of apps, I got an email from one of my cron jobs telling me my SOAP API was no longer working. (This is why you always want to have an entry in /etc/aliases forwarding root’s email to an account you will read)
The error message was “unable to get local issuer certificate.” I thought, no big deal, there must be an easy way to get SOAP4R to find all the root CA certificates. Unfortunately it took a while searching Google to find the right answer, so I’m posting it here to make it easier for the next person (which just might be me next week).
It turns out SOAP4R will read a file called “soap/property” in your ruby library path (which can usually be the directory your app is in). You can place certain configuration options in this file to control how SOAP4R behaves. In this case, I needed to add
This fixed the “unable to get local issuer certificate” error right away.
There was another problem though; it was complaining about the hostname not matching the certificate. Since I’m using a wildcard certificate, I assume this means OpenSSL doesn’t respect wildcard certificates. I grudgingly added this to soap/property file
And it’s fine now.