Thanx Brian for your points.. 1) I checked whether the certificate is signed using the following cmd: >openssl x509 -text -in sdk-cert.pem Certificate: Data: Version: 3 (0x2) Serial Number: 3389 (0xd3d) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US..... Validity Not Before: Feb 23 16:28:12 2005 GMT Not After : Feb 21 16:28:12 2015 GMT Subject: CN=sdk-cert_api1.sdk.com... Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:a8:f8:c7:5d:e3: .................. Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 09:31:0e:a5:c9:d8:69:0e:49:bd:99:46:49:75:a0:04:9e:19: ...................................................... -----BEGIN CERTIFICATE----- MIIClDCCAf2gAwIBAgICDT0wDQYJ.......... ...................................... -----END CERTIFICATE----- 2) Here am not sure whether the certificate is signed or not.. -- Also i tried the following cmd as you mentioned: > openssl s_client -connect www.paypal.com:443 Loading 'screen' into random state - done CONNECTED(00000764) depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, I nc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification A uthority - G5 verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4.15=V1. ............................... --- Server certificate -----BEGIN CERTIFICATE----- MIIFxzCCBK+gAwIBAgIQa1UJlCEr......................... ........................................ -----END CERTIFICATE----- subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4.15= ....................................................... --- No client certificate CA names sent --- SSL handshake has read 4404 bytes and written 314 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DES-CBC3-SHA Session-ID: 9BCA761FFA3C4DF596207BAEAA01328583E40418AFCC2273851B209B7D61850B Session-ID-ctx: Master-Key: D0DA9C2D6649033D39A7E248B53CC2D90FEFCC6F64E73794A8AF8D0095426899 04FA4B4FEBB3498AE2098E33FEA6C84E Key-Arg : None Start Time: 1283333209 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) --- read:errno=10054 --> Again am getting the same issue at last.. Still am not sure whether the way am using the certificates while connecting the server is correct or not? NB: The PEM certificate file has both the private key & the certificate. The Key file has only the private key that is specified in the certificate - file. If there's no CA (as mentioned in the above logs), is there any workaround - to solve the same ? Am totally blocked with this stuff.. Kindly enlighten me in resolving this issue.. ~ Charles -- Posted via http://www.ruby-forum.com/.