ちゃんと認証されているかつ対応するルート証明書が準備されている場合

require 'net/https'
https = Net::HTTP.new('ok.example.com',443)
https.use_ssl = true
https.ca_file = 'ca.pem'
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
https.verify_depth = 5
https.start { |w|
response = w.get('/')
puts response.body

問題なく取得できる

証明書確認ができない場合（オレオレ認証）

require 'net/https'
https = Net::HTTP.new('ng.example.com',443)
https.use_ssl = true
https.ca_file = 'ca.pem'
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
https.verify_depth = 5
https.start { |w|
response = w.get('/')
puts response.body
}

/usr/lib/ruby/1.8/net/protocols.rb:48:in `connect': certificate verify failed (O
penSSL::SSL::SSLError)
from /usr/lib/ruby/1.8/net/protocols.rb:48:in `ssl_connect'
from /usr/lib/ruby/1.8/net/https.rb:175:in `on_connect'
from /usr/lib/ruby/1.8/net/http.rb:432:in `do_start'
from /usr/lib/ruby/1.8/net/http.rb:418:in `start'
from httpstest2.rb:7

確認の出来ない証明書を許可する場合（オレオレ認証）

require 'net/https'
https = Net::HTTP.new('ng.example.com',443)
https.use_ssl = true
#https.ca_file = 'ca.pem'
#https.verify_mode = OpenSSL::SSL::VERIFY_PEER
#https.verify_depth = 5
https.start { |w|
response = w.get('/')
puts response.body
}

エラーにならない