The error message was “unable to get local issuer certificate.”  I thought, no big deal, there must be an easy way to get SOAP4R to find all the root CA certificates.  Unfortunately it took a while searching Google to find the right answer, so I’m posting it here to make it easier for the next person (which just might be me next week).

It turns out SOAP4R will read a file called “soap/property” in your ruby library path (which can usually be the directory your app is in).  You can place certain configuration options in this file to control how SOAP4R behaves.  In this case, I needed to add

client.protocol.http.ssl_config.ca_file=/etc/ssl/certs/ca-certificates.crt


This fixed the “unable to get local issuer certificate” error right away.

There was another problem though; it was complaining about the hostname not matching the certificate. Since I’m using a wildcard certificate, I assume this means OpenSSL doesn’t respect wildcard certificates. I grudgingly added this to soap/property file

client.protocol.http.ssl_config.verify_mode=OpenSSL::SSL::VERIFY_NONE

And it’s fine now.