How do I configure WEBrick to use an intermediate certificate with HTTPS?

Asked 11/1, 2012 at 19:56 Answered 23/4, 2012 at 17:34

Solved ruby-on-rails-3 openssl rack webrick

I am currently using the following options in my Rails app to enable HTTPS with WEBrick:

{
    :Port => 3000,
    :environment => (ENV['RAILS_ENV'] || "development").dup,
    :daemonize => false,
    :debugger => false,
    :pid => File.expand_path("tmp/pids/server.pid"),
    :config => File.expand_path("config.ru"),
    :SSLEnable => true,
    :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
    :SSLPrivateKey => OpenSSL::PKey::RSA.new(
        File.open("certificates/https/key.pem").read),
    :SSLCertificate => OpenSSL::X509::Certificate.new(
        File.open("certificates/https/cert.pem").read),
    :SSLCertName => [["CN", WEBrick::Utils::getservername]]
}

How would I go about specifying an intermediate certificate?

Boarder answered 11/1, 2012 at 19:56 Comment(3)

You should not answer your own question on the question itself. You should rather answer your own question with an answer. – Cusped 21/4, 2012 at 13:39

It appears that the above code comes from this blog post, correct? – Conformation 17/4, 2014 at 6:21

I think I pulled that from the WEBrick documentation, which was a challenge in itself. It's pretty boiler plate. I can't comment for @priteshj though. – Boarder 17/4, 2014 at 15:45

I managed to find an answer after an extra hour of googling for keywords. Here is the option to define an intermediate certificate:

:SSLExtraChainCert => [
    OpenSSL::X509::Certificate.new(
      File.open("certificates/intermediate.crt").read)]

Note that the option requires an Array object, allowing to you include multiple certificates if needed.

Boarder answered 23/4, 2012 at 17:34 Comment(0)

-1

If you are using rails 3, then modify the script/rails file as

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
require 'rubygems' # if ruby 1.8.7 
require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

module Rails
    class Server < ::Rack::Server
        def default_options
            super.merge({
                :Port => 3000,
                :environment => (ENV['RAILS_ENV'] || "development").dup,
                :daemonize => false,
                :debugger => false,
                :pid => File.expand_path("tmp/pids/server.pid"),
                :config => File.expand_path("config.ru"),
                :SSLEnable => true,
                :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
                :SSLPrivateKey => OpenSSL::PKey::RSA.new(
                       File.open("/key/vhost1.key").read),
                :SSLCertificate => OpenSSL::X509::Certificate.new(
                       File.open("/crt/vhost1.crt").read),
                :SSLCertName => [["CN", WEBrick::Utils::getservername]],
            })
        end
    end
end

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)
require 'rails/commands'

The above code was modified from the example in Configuring WEBrick to use SSL in Rails 3. This worked for me.

Morse answered 11/1, 2012 at 20:13 Comment(4)

Changing from .pem to .crt format won't change the actual certificate information present in the file. I need to make WEBrick aware of a third piece of information, the intermediate certificate. – Boarder 11/1, 2012 at 20:27

can you share the script/rails file you have been editing? also what version is the ruby and rails – Morse 11/1, 2012 at 20:47

My question is asking how to define an intermediate certificate, not asking for a working configuration without one. – Boarder 11/1, 2012 at 20:55

This answer is almost identical to this blog post from 2010. If you based your answer off the information from that post, you should at least give some credit to the original author. – Conformation 4/3, 2014 at 6:48

Recommended topics

Hot tags