I am using Ruby on Rails 3 and I would like to make HTTPS connections work on localhost.
I am using:
Apache v2 + Phusion Passenger
Mac OS + Snow Leopard v10.6.6
My Ruby on Rails installation uses the Typhoeus gem (it is possible to use the Ruby net\http library but the result doesn't change) to make HTTP requests over HTTPS.
I created self-signed ca.key, pjtname.crt and pjtname.key as detailed on the Apple website.
Notice: Following the instructions from the Apple website, on running the openssl req -new -key server.key -out server.csr command (see the link), at this point
Common Name (eg, YOUR name) []: (this is the important one)
I entered *pjtname.com so that it is valid for all sub-domains of that site.
In my Apache httpd.conf I have two virtual hosts configured in this way:
# Secure (SSL/TLS) connections
#Include /private/etc/apache2/extra/httpd-ssl.conf
#
# Note: The following must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Include /private/etc/apache2/other/*.conf
# Passenger configuration
LoadModule passenger_module /Users/<my_user_name>/.rvm/gems/ruby-1.9.2-p136/gems/passenger-3.0.2/ext/apache2/mod_passenger.so
PassengerRoot /Users/<my_user_name>/.rvm/gems/ruby-1.9.2-p136/gems/passenger-3.0.2
PassengerRuby /Users/<my_user_name>/.rvm/wrappers/ruby-1.9.2-p136/ruby
# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off
# Ensure that Apache listens on port 443
Listen 443
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80
NameVirtualHost *:443
#
# PJTNAME.COM and subdomains SETTING
#
<VirtualHost *:443>
# Because this virtual host is defined first, it will
# be used as the default if the hostname is not received
# in the SSL handshake, e.g. if the browser doesn't support
# SNI.
ServerName pjtname.com:443
DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public"
ServerAdmin [email protected]
ErrorLog "/private/var/log/apache2/error_log"
TransferLog "/private/var/log/apache2/access_log"
RackEnv development
<Directory "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public">
Order allow,deny
Allow from all
</Directory>
# SSL Configuration
SSLEngine on
# Self Signed certificates
# Server Certificate
SSLCertificateFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.crt
# Server Private Key
SSLCertificateKeyFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.key
# Server Intermediate Bundle
SSLCertificateChainFile /private/etc/apache2/ssl/wildcard.certificate/ca.crt
</VirtualHost>
# HTTP Setting
<VirtualHost *:80>
ServerName pjtname.com
DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public"
RackEnv development
<Directory "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public">
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName users.pjtname.com:443
DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public"
ServerAdmin [email protected]
ErrorLog "/private/var/log/apache2/error_log"
TransferLog "/private/var/log/apache2/access_log"
RackEnv development
<Directory "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public">
Order allow,deny
Allow from all
</Directory>
# SSL Configuration
SSLEngine on
# Self Signed certificates
# Server Certificate
SSLCertificateFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.crt
# Server Private Key
SSLCertificateKeyFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.key
# Server Intermediate Bundle
SSLCertificateChainFile /private/etc/apache2/ssl/wildcard.certificate/ca.crt
</VirtualHost>
# HTTP Setting
<VirtualHost *:80>
ServerName users.pjtname.com
DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public"
RackEnv development
<Directory "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public">
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
In the host file I have:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
# PJTNAME.COM SETTING
127.0.0.1 pjtname.com
127.0.0.1 users.pjtname.com
All seems to work properly because I have already set everything (I think correctly):
I generated a wildcard certificate for my domains and sub-domains (in this example: *.pjtname.com)
I have set base-named virtualhosts in the http.conf file listening on port :433 and :80
My browser accepts the certificates even though it alerts me that they aren't safe (notice: I must accept the certificates for each domain\sub-domain; that is, [only] the first time I access a domain or sub-domain over HTTPS I must do the same procedure for acceptance) and I can access pages using HTTPS
After all this work, when I make a request using Typhoeus (I can also use the Ruby Net::Http library and the result doesn't change) from the pjtname.com RoR application:
# Typhoeus request
Typhoeus::Request.get("https://users.pjtname.com/")
I get something like a warning about the certificate:
--- &id001 !ruby/object:Typhoeus::Response
app_connect_time: 0.0
body: ""
code: 0
connect_time: 0.000625
# Here is the warning
curl_error_message: Peer certificate cannot be authenticated with known CA certificates
curl_return_code: 60
effective_url: https://users.pjtname.com/
headers: ""
http_version:
mock: false
name_lookup_time: 0.000513
pretransfer_time: 0.0
request: !ruby/object:Typhoeus::Request
after_complete:
auth_method:
body:
...
All this means that something is wrong. So, what do I have to do to avoid the "Peer certificate cannot be authenticated with known CA certificates" warning and make the HTTPS request work? Where is\are the error\errors (I think in the Apache configuration, but where?!)?
P.S.: if you need some more info, let me know.
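Added example (not part of the original post, and not code from Typhoeus or Apache): curl return code 60 is reported when the client cannot build a chain from the server certificate to a CA in its own trust store, which is separate from any exception accepted in a browser. The Ruby sketch below builds a constructed CA and wildcard certificate (the CA name, the keys and the `*.pjtname.com` subject are sample values assumed for illustration) and runs the two checks a TLS client performs: chain trust and host name match.

```ruby
require "openssl"

# Build a certificate for the constructed demo PKI (all names are sample values).
def make_cert(cn, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  constraint = ca ? "CA:TRUE" : "CA:FALSE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Chain check: is the leaf signed by a CA the client explicitly trusts?
def chain_trusted?(leaf, trusted_cas)
  store = OpenSSL::X509::Store.new # empty on purpose: no system defaults loaded
  trusted_cas.each { |ca_cert| store.add_cert(ca_cert) }
  store.verify(leaf)
end

# Name check: does the certificate cover the host being requested?
# With no subjectAltName present, Ruby falls back to the Common Name.
def name_matches?(leaf, host)
  OpenSSL::SSL.verify_certificate_identity(leaf, host)
end

# Constructed sample PKI: a private CA and the wildcard leaf it signs.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("pjtname local CA", CA_KEY, ca: true)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF = make_cert("*.pjtname.com", LEAF_KEY, issuer_cert: CA_CERT, issuer_key: CA_KEY)

puts "CA unknown to client : #{chain_trusted?(LEAF, [])}"
puts "CA added to store    : #{chain_trusted?(LEAF, [CA_CERT])}"
puts "users.pjtname.com    : #{name_matches?(LEAF, 'users.pjtname.com')}"
puts "pjtname.com          : #{name_matches?(LEAF, 'pjtname.com')}"
```

With Net::HTTP, the counterpart of adding the CA to the store is setting `http.ca_file` to the CA certificate while leaving `verify_mode` at `OpenSSL::SSL::VERIFY_PEER`.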