top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

SSL with Thin Server for RoR website

+1 vote
421 views

I have added force_ssl in ApplicationController. Then thin start --ssl. It took me to https, but with red cross. i.e. Not trusted site.

I tried with creating the certificate with - http://www.napcsweb.com/blog/2013/07/21/rails_ssl_simple_wa/
Still the same. Can anyone suggest?

posted Jan 6, 2014 by Kumar Mitrasen

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

Yes, unless you trust your own certificate or create your own authority and trust it. For development an untrusted local certificate is just fine, for the public (even though now days it might be worthless) you'll need another authority to sign your certificate for it to gain trust because that's the way things are right now.

answer Jan 6, 2014 by Ahmed Patel
Similar Questions
+4 votes

The ssl cert on my apache server have expired. It is actually a server at work - a important one as well so I'm a bit stressed at the moment.

The cert is renewed and I have received the cert files. I'm now trying to install them but I can't get it to work.

I thought it was as simple as just copying the new crt file to the server and restart apache but apache start fails.

I see this in the log:

509 certificate routines:X509_check_private_key:key values mismatch

Server: Apache 2.2.22 on Ubuntu 12.04. How does one install a renewed ssl cert? Do I need to create a new private key and ca-bundle? Please point me in the right direction.

0 votes

I'm trying to setup a forward proxy to access certain endpoints on Remote server which require https with basic authentication in header.

A(Application server) ---> Forward proxy (B) ----> Remote server(C)

i'm at B on which i have setup below Apache Virtual host in which i'm setting the headers to use basic authentication passing encoded value of user & pass configured on remote server.However,i want to include HTTPS in my request to C to ensure the headers are sent securely with encrption to remote server (C). I do Not want to use a separate Virtual host for HTTPS. Should i include a SSL Server certificate in my proxy configuration as given below with the basic authentication in header ?
How can i achieve this in Single virtual host ? I have limited knowledge on apache, so please help here.

I tried searching on the internet but did not find the required solution.

##### vHost 9099 is for basic auth with HTTPS #####
Listen *:9099
<VirtualHost *:9099>

        ServerName      myservername.com
        ServerAlias     myservername.com
        ServerAdmin     iamadmin@myservername.com
        DocumentRoot    /my/doc/root/
        SSLEngine on
        RewriteEngine On
        AllowEncodedSlashes NoDecode

        ProxyRequests On

        # SSL configuration

        SSLCertificateFile       /Path to cert.pem
        SSLCertificateKeyFile    /Path to private key
        SSLCACertificateFile     /Path to CA certs


        ##  Basic64  Encoded XXXX od user and passwd in header

         RequestHeader set Authorization "Basic XXXXX"


         ##  Endpoints accessed via https with basic authentication in header

         ProxyPass /api/api1/   https://30.30.115.22:11111/api/api1/
         ProxyPassReverse /api/api1/    https://30.30.115.22:11111/api/api1/


</VirtualHost>
+4 votes

We want to set up SSL client authentication and we will only have a single client that we want to allow through to the website.

Is it possible to allow just a single certificate to authenticate by just specifying that one cert in SSLCACertificateFile? i.e. without specifying the CA cert instead?

If so, would my SSLVerifyDepth then be zero?

Are there any reasons I might not have thought about why this isn't a good idea or any other considerations?

+1 vote

My Ruby on Rails App needs to connect to a ODBC Datasource that has SSL only enabled.

Can somebody give me an example of connecting to a ODBC Source with SSL?

I constantly get SSL required error. I don't see the option of passing SSL Certificates via UnixODBC. May be something I am missing.

...