10

I am currently using the following options in my Rails app to enable HTTPS with WEBrick:

{
    :Port => 3000,
    :environment => (ENV['RAILS_ENV'] || "development").dup,
    :daemonize => false,
    :debugger => false,
    :pid => File.expand_path("tmp/pids/server.pid"),
    :config => File.expand_path("config.ru"),
    :SSLEnable => true,
    :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
    :SSLPrivateKey => OpenSSL::PKey::RSA.new(
        File.open("certificates/https/key.pem").read),
    :SSLCertificate => OpenSSL::X509::Certificate.new(
        File.open("certificates/https/cert.pem").read),
    :SSLCertName => [["CN", WEBrick::Utils::getservername]]
}

How would I go about specifying an intermediate certificate?

YWCA Hello
  • 2,997
  • 4
  • 29
  • 40
  • You should not answer your own question on the question itself. You should rather answer your own question with an answer. – Pedro Rolo Apr 21 '12 at 13:39
  • It appears that the above code comes from [this blog post](https://www.altamiracorp.com/blog/employee-posts/configuring-webrick-to-use-ssl), correct? –  Apr 17 '14 at 06:21
  • I think I pulled that from the WEBrick documentation, which was a challenge in itself. It's pretty boiler plate. I can't comment for @priteshj though. – YWCA Hello Apr 17 '14 at 15:45

2 Answers2

13

I managed to find an answer after an extra hour of googling for keywords. Here is the option to define an intermediate certificate:

:SSLExtraChainCert => [
    OpenSSL::X509::Certificate.new(
      File.open("certificates/intermediate.crt").read)]

Note that the option requires an Array object, allowing to you include multiple certificates if needed.

YWCA Hello
  • 2,997
  • 4
  • 29
  • 40
-1

If you are using rails 3, then modify the script/rails file as

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
require 'rubygems' # if ruby 1.8.7 
require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

module Rails
    class Server < ::Rack::Server
        def default_options
            super.merge({
                :Port => 3000,
                :environment => (ENV['RAILS_ENV'] || "development").dup,
                :daemonize => false,
                :debugger => false,
                :pid => File.expand_path("tmp/pids/server.pid"),
                :config => File.expand_path("config.ru"),
                :SSLEnable => true,
                :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
                :SSLPrivateKey => OpenSSL::PKey::RSA.new(
                       File.open("/key/vhost1.key").read),
                :SSLCertificate => OpenSSL::X509::Certificate.new(
                       File.open("/crt/vhost1.crt").read),
                :SSLCertName => [["CN", WEBrick::Utils::getservername]],
            })
        end
    end
end

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)
require 'rails/commands'

The above code was modified from the example in Configuring WEBrick to use SSL in Rails 3. This worked for me.

Pritesh Jain
  • 9,106
  • 4
  • 37
  • 51
  • Changing from .pem to .crt format won't change the actual certificate information present in the file. I need to make WEBrick aware of a third piece of information, the intermediate certificate. – YWCA Hello Jan 11 '12 at 20:27
  • can you share the script/rails file you have been editing? also what version is the ruby and rails – Pritesh Jain Jan 11 '12 at 20:47
  • My question is asking how to define an intermediate certificate, not asking for a working configuration without one. – YWCA Hello Jan 11 '12 at 20:55
  • This answer is almost identical to [this blog post](http://www.nearinfinity.com/blogs/chris_rohr/configuring_webrick_to_use_ssl.html) from [2010](http://stackoverflow.com/a/3662072/456814). If you based your answer off the information from that post, you should at least give some credit to the original author. –  Mar 04 '14 at 06:48