I didn't have time to write a proper response earlier, but I was experiencing the same problem. It was occurring while Canvas was trying use the Adobe Connect API to create meetings. Our Connect instance is served over SSL, with a cert signed by RapidSSL, itself signed by GeoTrust. My Canvas app servers had a root cert for GeoTrust, but not for RapidSSL. The solution was to get a copy of the cert (issued by the CA), and make it available to ruby.
Ruby looks for root certs in it's DEFAULT_CERT_DIR - you can find this by running
ruby -e 'require "openssl"; puts OpenSSL::X509::DEFAULT_CERT_DIR'
On my machine, this is /etc/ssl/certs. But you can't just stick the cert file there, you need to rename the file to a hash of the cert details, with a file extension of "0" (zero). In my case, certs are kept in /usr/share/ca-certificates/ and symlinked to a file in /etc/ssl/certs. You can get the hash by running
openssl x509 -noout -in my-cert.crt -hash
This will give you something like f123a456. So you would symlink /usr/share/ca-certificates/my-cert.crt to /etc/ssl/certs/f123a456.0
I hope this helps.