Creating an SSL certificate for WEBrick

We are developing a Ruby on Rails application and it is almost ready for production. We need to use SSL and https URLs rather than plain old http.The WEBrick server Rails uses is different from Apache, and we’re stuck trying to install the SSL certificate so that Ruby on Rails will use it.

The steps for creating an SSL certificate are the same for WEBrick as for Apache, but configuring WEBrick to use the certificate is slightly different. For Apache we edit the configuration file to include the location of the certificate and server private key files and restart Apache. To use SSL with WEBrick, we need to create a new startup script that will be used to launch WEBrick with SSL enabled. In order to support both http and https URLs you use two different startup scripts for WEBrick and run both instances at the same time. There are a number of variations possible on the SSL startup script for WEBrick. The following is based on an example found here. To use this script you will need to change at least the private key location, the certificate location and the DocumentRoot setting to match your server setup. Once you have a working startup script for WEBrick that uses SSL, you can follow the guidelines in the How-to Documentation to finish configuring your Ruby applications to utilize SSL connections as required for your environment.

#!/usr/local/bin/ruby

require 'webrick'

require 'webrick/https'

require 'openssl'

pkey = cert = cert_name = nil

begin

pkey =

OpenSSL::PKey::RSA.new(File.open("/path/to/private.key”).read)

cert =

OpenSSL::X509::Certificate.new(File.open("/path/to/server.crt").read)

end

s=WEBrick::HTTPServer.new(

:Port => 8443,

:Logger => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),

:DocumentRoot => "/ruby/htdocs",

:SSLEnable => true,

:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,

:SSLCertificate => cert,

:SSLPrivateKey => pkey,

:SSLCertName => [ [ "CN",WEBrick::Utils::getservername ] ]

)

s.start

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies