Product SiteDocumentation Site

2.7.1. Certificate store

Class OpenSSL::X509::Store implements certificate store in Ruby. Certificate store is similar to store in web browsers - it contains trusted certificates that can be used to verify certificate chain. When new certificate store is created, it contains no trusted certificates by default.
To populate certificate store with certificates, use one of methods:
  • Store#add_file takes a path to DER/PEM encoded certificate
  • Store#add_cert takes instance of X509::Certificate
  • Store#add_path takes a path to a directory with trusted certificates
  • Store#set_default_path adds certificates stored in default certificate area
OpenSSL installation usually creates a directory, which stores several trusted certificates (approach similar to web browsers, that also come with predefined certificate store). To populate certificate store with certificates that come with OpenSSL use Store#set_default_path. The path to default certificate area is defined as:
>> OpenSSL::X509::DEFAULT_CERT_AREA
=> "/etc/pki/tls"