How to deduce the Certificate Authority file (cacert.pem / cert.pem) used by OpenSSL

On most Unix systems there is an application called dtrace which shows the system calls being made in real time, and it can filter on filesystem operations. To cut a long story short, here is a simple guide to figuring out the CA file used by your OpenSSL library.

  1. Start dtrace on filesystem calls and save the output to a file.
  • sudo dtrace -n 'syscall::open*:entry { printf("%s %s", execname, copyinstr(arg0))}' > dtrace.out
  2. Run the application that performs the CA lookup on the filesystem. This can be done in another terminal session.
  3. Grep the output file (dtrace.out) for the application name, and read the path.
  • cat dtrace.out | grep ruby
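
A stricter version of the final grep step, as an added example that is not part of the original gist: it matches the execname column exactly (a plain `grep ruby` also hits other processes opening paths that contain "ruby") and keeps only paths that look like CA files or certificate directories. The function names, the filename patterns and the sample trace are assumptions made for illustration, and it assumes the execname contains no spaces.

```shell
#!/bin/sh
# Added example: list CA-bundle-like paths a process tried to open, from dtrace.out.
# Assumes the default (non -q) output of the dtrace one-liner above:
#   CPU ID FUNCTION:NAME execname path

ca_paths_from_trace() {
    # $1 = execname to match exactly (e.g. ruby), $2 = trace file
    awk -v prog="$1" '
        {
            # Locate the probe column ("open:entry", "open_nocancel:entry", ...).
            probe = 0
            for (i = 1; i <= NF; i++) if ($i ~ /:entry$/) { probe = i; break }
            if (!probe || $(probe + 1) != prog || NF < probe + 2) next

            # Rebuild the path, which may itself contain spaces.
            path = $(probe + 2)
            for (i = probe + 3; i <= NF; i++) path = path " " $i

            # Keep names that look like CA files or hashed-certificate directories
            # (assumed patterns; adjust to the layout you expect).
            if (path !~ /\.(pem|crt|cer)$/ && path !~ /\/certs(\/|$)/) next
            if (!seen[path]++) print path
        }
    ' "$2"
}

# Constructed sample trace for demonstration, not captured from a real system.
write_sample_trace() {
    cat > "$1" <<'EOF'
CPU     ID                    FUNCTION:NAME
  0    161                       open:entry ruby /usr/lib/libSystem.B.dylib
  2    161                       open:entry ruby /usr/local/etc/openssl/cert.pem
  1    161                       open:entry curl /etc/ssl/cert.pem
  2    937              open_nocancel:entry ruby /usr/local/etc/openssl/certs
  2    161                       open:entry ruby /usr/local/etc/openssl/cert.pem
  3    161                       open:entry irb /tmp/notes.txt
EOF
}
```

Against a real capture, run `ca_paths_from_trace ruby dtrace.out`; each path is printed once, in the order it was first opened.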