SSL setup for Ruby

Trent — Thu, 18 Dec 2008 11:56:40 +0000

I found recently that I wanted to get SSL enabled when making HTTP connections with Ruby. However, if you’re wishing to talk to servers that have certificates signed by commercial certificate authorities then you won’t be able to verify them when you make a connection:

require 'net/http'
require 'net/https'
http = Net::HTTP.new('www.google.com', 443)
http.use_ssl = true
http.get('/mail')
"warning: peer certificate won't be verified in this SSL session"
=<#net::httpfound 302="" found="" readbody="true">

Notice line 6? Not good as its really important to be able to verify SSL certificates on the web to make sure that you’re talking to who you think you’re talking to!

So to verify these certificates, download commercial certificate authorities used by Mozilla (Firefox) that have been kindly pre-packaged for you:

http://curl.haxx.se/docs/caextract.html

Store in a logical location:

/usr/share/ssl/cert.pem

Now, test out that they are working, try this code (IRB works well!):

require 'net/http'
require 'net/https'
http = Net::HTTP.new('www.google.com', 443)
http.ca_file = '/usr/share/ssl/cacert.pem'
http.use_ssl = true
http.get('/mail')
=<#net::httpfound 302="" found="" readbody="true">

Yah! No more warnings, we’re properly verify the server’s SSL certificate!

Tip: If you’re behind a proxy, then you’ll need to change the third step to be:

http = Net::HTTP::Proxy('myproxyserver', 8080).new('www.google.com', 443)

The above code creates a HTTP class with your proxy configuration baked in. Then you can create an instance from it, just like a regulard HTTP class!

Pass By Value » ssl

SSL setup for Ruby