Fixing OpenSSL Certificates on OS X

September 19, 2008

While trying to use OpenURI in Ruby to connect to an HTTPS site, I kept running into an error with certificates - OpenSSL::SSL::SSLError: certificate verify failed.

After some digging around on Google I found a lot of solutions, but all of them involved manually specifying a path to a cert file or disabling certificate verification entirely, or both. The Linux boxes my code is deployed on don't have this problem, so I wasn't happy with either solution. Adding extra code and cert files to the codebase just for my dev box, or skipping verification, both seemed like Bad Ideas™.

Turns out the solution is actually pretty simple. The problem is that while OpenSSL is included with OS X, complete with the standard root certificates that are needed for this to work, those certificates are only available via Keychain. This means Ruby has no access to them and can't verify any SSL certificates.

To fix it, open "Keychain Access" and select all the certificates under "System Roots", then export them (right click) to a cert.pem file and put it in:
/System/Library/OpenSSL

That's it.

If you want, you could probably grab the list from haxx.se instead, which is extracted from Mozilla.
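To see the effect from Ruby's side, the following added example (not code from the original post) reports where this Ruby's OpenSSL looks for roots by default and shows verification failing against an empty store, then succeeding once a cert.pem bundle is loaded. The self-signed root and the temporary cert.pem are constructed stand-ins for the exported "System Roots" file.

```ruby
require "openssl"
require "tmpdir"

# Where this Ruby's OpenSSL looks for trusted roots by default, and whether
# a bundle file or hashed directory is actually present at those paths.
def default_trust_paths
  file = OpenSSL::X509::DEFAULT_CERT_FILE
  dir  = OpenSSL::X509::DEFAULT_CERT_DIR
  { file: file, file_present: File.file?(file),
    dir: dir, dir_present: File.directory?(dir) }
end

# Constructed sample: a throwaway self-signed root standing in for one of
# the certificates exported from Keychain.
def make_sample_root
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Constructed Sample Root")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify `cert` against a store loaded from `bundle_path` (nil = empty store,
# which is what Ruby effectively has when no cert.pem is installed).
# Returns [verified?, OpenSSL's error string].
def verify_with_bundle(cert, bundle_path)
  store = OpenSSL::X509::Store.new
  store.add_file(bundle_path) if bundle_path
  ok = store.verify(cert)
  [ok, store.error_string]
end

def demo
  root = make_sample_root
  Dir.mktmpdir do |d|
    bundle = File.join(d, "cert.pem") # stand-in for the exported bundle
    File.write(bundle, root.to_pem)
    { without_bundle: verify_with_bundle(root, nil),
      with_bundle: verify_with_bundle(root, bundle) }
  end
end

p default_trust_paths, demo if __FILE__ == $PROGRAM_NAME
```

If `file_present` and `dir_present` are both false on a machine, that Ruby has no default roots to verify against.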

Comments

I like your blog, it's beautiful!
Can you make a link with my blog?

Just wondering what's happened to chainreading, it seems to have been off for quite a while now

If you are using MacPorts ruby instead of the built-in ruby, you will need to export to /opt/local/etc/openssl instead of /System/Library/OpenSSL
