I found recently that I wanted to get SSL enabled when making HTTP connections with Ruby. However, if you’re wishing to talk to servers that have certificates signed by commercial certificate authorities then you won’t be able to verify them when you make a connection:
require 'net/http' require 'net/https' http = Net::HTTP.new('www.google.com', 443) http.use_ssl = true http.get('/mail') "warning: peer certificate won't be verified in this SSL session" =<#net::httpfound 302="" found="" readbody="true">
Notice line 6? Not good as its really important to be able to verify SSL certificates on the web to make sure that you’re talking to who you think you’re talking to!
So to verify these certificates, download commercial certificate authorities used by Mozilla (Firefox) that have been kindly pre-packaged for you:
http://curl.haxx.se/docs/caextract.html
Store in a logical location:
/usr/share/ssl/cert.pem
Now, test out that they are working, try this code (IRB works well!):
require 'net/http' require 'net/https' http = Net::HTTP.new('www.google.com', 443) http.ca_file = '/usr/share/ssl/cacert.pem' http.use_ssl = true http.get('/mail') =<#net::httpfound 302="" found="" readbody="true">
Yah! No more warnings, we’re properly verify the server’s SSL certificate!
Tip: If you’re behind a proxy, then you’ll need to change the third step to be:
http = Net::HTTP::Proxy('myproxyserver', 8080).new('www.google.com', 443)
The above code creates a HTTP class with your proxy configuration baked in. Then you can create an instance from it, just like a regulard HTTP class!
