Mike Wernsing wrote: >> > server.options["protocol.http.ssl_config.verify_mode"] = nil > >> if the certificate (.crt) , I don't understanding how do you 've a >> variable named "server" with an options hash.. > > Hopefully this may clarify, > > wsdl = 'https://some.com/something.wsl' > factory = SOAP::WSDLDriverFactory.new( wsdl ) > drv = factory.create_rpc_driver > drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil > > alternatively: > > drv.options['protocol.http.ssl_config.verify_mode'] = > openSSL::SSL::VERIFY_NONE > > some other possibly useful options: > > drv.options['protocol.http.ssl_config.verify_mode'] = > OpenSSL::SSL::VERIFY_PEER > drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt' > drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert' > drv.options['protocol.http.ssl_config.client_key'] = 'client.keys' Should be noted that the above actually does not checks the actual server (peer) certificate. It only validates that the peer certificate is signed by / issued by the 'api_cert_chain.crt'. To actually validate the server cert use : drv.options['protocol.http.ssl_config.verify_callback'] = method(:validate_certificate) where method validate_certificate looks like: def validate_certificate(is_ok, ctx) cert = ctx.current_cert # Only check the server certificate, not the issuer unless (cert.subject.to_s == cert.issuer.to_s) is_ok &&= File.open('server_cert.pem').read == ctx.current_cert.to_pem end is_ok end emil -- Posted via http://www.ruby-forum.com/.