Developing Rails apps with SSL

I’m working on some federated authentication (single sign-on) for 3rd-party applications and thought to use Ruby on Rails as a simple way to demo and develop the principles.

This is Rails, so it’s not entirely straightforward(*) but manageable on a Linux host.

In development mode, the default Webrick server does not support SSL, but a decent alternative is thin (https://github.com/macournoyer/thin) which also requires eventmachine.

To use thin with SSL we need to generate a self-signed certificate,

$ openssl req -newkey rsa:2048 -nodes -keyout neopir.key -x509 -days 365 -out neopir.crt
Generating a 2048 bit RSA private key
.....................+++
..........................................+++
writing new private key to 'neopir.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:GB
Locality Name (eg, city) [Default City]:London
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:Technology Division
Common Name (eg, your name or your server's hostname) []:neopir.example.com
Email Address []:postmaster@example.com

And then we start the application

$ bundle exec thin --ssl --ssl-key-file neopir.key --ssl-cert-file neopir.crt -p 3443 start
Using rack adapter
Thin web server (v1.6.3 codename Protein Powder)
Maximum connections set to 1024
Listening on 0.0.0.0:3443, CTRL+C to stop

* – It’s easy on Linux, but a nightmare on Windows, principally because eventmachine needs to be compiled with SSL support which requires OpenSSL which requires… I didn’t get it working and gave up trying.

Advertisements

One thought on “Developing Rails apps with SSL

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s