Developing Rails apps with SSL

I’m working on some federated authentication (single sign-on) for 3rd-party applications and thought to use Ruby on Rails as a simple way to demo and develop the principles.

This is Rails, so it’s not entirely straightforward(*) but manageable on a Linux host.

In development mode, the default WEBrick server does not support SSL, but a decent alternative is thin, which also requires eventmachine.

To use thin with SSL we need to generate a self-signed certificate:

$ openssl req -newkey rsa:2048 -nodes -keyout neopir.key -x509 -days 365 -out neopir.crt
Generating a 2048 bit RSA private key
writing new private key to 'neopir.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:GB
Locality Name (eg, city) [Default City]:London
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:Technology Division
Common Name (eg, your name or your server's hostname) []
Email Address []

And then we start the application:

$ bundle exec thin --ssl --ssl-key-file neopir.key --ssl-cert-file neopir.crt -p 3443 start
Using rack adapter
Thin web server (v1.6.3 codename Protein Powder)
Maximum connections set to 1024
Listening on, CTRL+C to stop

* – It’s easy on Linux, but a nightmare on Windows, principally because eventmachine needs to be compiled with SSL support which requires OpenSSL which requires… I didn’t get it working and gave up trying.
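The certificate step above is interactive. The following added example (not part of the original post) generates the same kind of self-signed pair without prompts and checks it before it is handed to thin. The helper names make_dev_cert and check_dev_cert, the localhost and 127.0.0.1 names, and the requirement for OpenSSL 1.1.1 or later are assumptions.

```shell
#!/bin/sh
# Added example: non-interactive self-signed certificate for a local dev server.
# make_dev_cert / check_dev_cert are hypothetical helper names.
# Assumes OpenSSL 1.1.1 or later (needed for -addext and -ext).

# make_dev_cert BASENAME [HOST] [DAYS]
# Writes BASENAME.key and BASENAME.crt, readable by the current user only.
make_dev_cert() {
    base=$1 host=${2:-localhost} days=${3:-365}
    rm -f "$base.key" "$base.crt"   # do not inherit looser modes from old files
    (
        umask 077                   # the private key must stay owner-only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
            -keyout "$base.key" -out "$base.crt" \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host,IP:127.0.0.1"
    )
}

# check_dev_cert BASENAME [HOST]
# Returns 0 only if the pair is usable for HOST.
check_dev_cert() {
    base=$1 host=${2:-localhost}
    # 1. Key and certificate must carry the same public key.
    cert_pub=$(openssl x509 -in "$base.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$base.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 1; }
    # 2. Certificate must still be valid an hour from now.
    openssl x509 -in "$base.crt" -noout -checkend 3600 >/dev/null ||
        { echo "certificate expired or about to expire" >&2; return 1; }
    # 3. HOST must appear in subjectAltName; current browsers ignore Common Name.
    openssl x509 -in "$base.crt" -noout -ext subjectAltName |
        grep -Eq "DNS:$host(,|\$)" || { echo "no SAN for $host" >&2; return 1; }
    # 4. Key file must not be readable by group or others.
    case $(ls -l "$base.key") in
        -rw-------*|-r--------*) ;;
        *) echo "key permissions too open" >&2; return 1 ;;
    esac
}
```

Running make_dev_cert neopir followed by check_dev_cert neopir produces and validates the neopir.key and neopir.crt files that the thin command on this page expects.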

