如何配置WEBrick以使用HTTPS的中间证书?

时间:2012-01-11 19:56:50

标签: ruby-on-rails-3 openssl rack webrick

我目前在我的Rails应用程序中使用以下选项来启用WEBrick的HTTPS:

{
    :Port => 3000,
    :environment => (ENV['RAILS_ENV'] || "development").dup,
    :daemonize => false,
    :debugger => false,
    :pid => File.expand_path("tmp/pids/server.pid"),
    :config => File.expand_path("config.ru"),
    :SSLEnable => true,
    :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
    :SSLPrivateKey => OpenSSL::PKey::RSA.new(
        File.open("certificates/https/key.pem").read),
    :SSLCertificate => OpenSSL::X509::Certificate.new(
        File.open("certificates/https/cert.pem").read),
    :SSLCertName => [["CN", WEBrick::Utils::getservername]]
}

我如何指定中间证书?

2 个答案:

答案 0 :(得分:12)

我在搜索关键字一小时后找到了答案。以下是定义中间证书的选项:

:SSLExtraChainCert => [
    OpenSSL::X509::Certificate.new(
      File.open("certificates/intermediate.crt").read)]

请注意,该选项需要Array对象,允许您在需要时包含多个证书。

答案 1 :(得分:-1)

如果您使用的是rails 3,则将脚本/ rails文件修改为

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
require 'rubygems' # if ruby 1.8.7 
require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

module Rails
    class Server < ::Rack::Server
        def default_options
            super.merge({
                :Port => 3000,
                :environment => (ENV['RAILS_ENV'] || "development").dup,
                :daemonize => false,
                :debugger => false,
                :pid => File.expand_path("tmp/pids/server.pid"),
                :config => File.expand_path("config.ru"),
                :SSLEnable => true,
                :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
                :SSLPrivateKey => OpenSSL::PKey::RSA.new(
                       File.open("/key/vhost1.key").read),
                :SSLCertificate => OpenSSL::X509::Certificate.new(
                       File.open("/crt/vhost1.crt").read),
                :SSLCertName => [["CN", WEBrick::Utils::getservername]],
            })
        end
    end
end

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)
require 'rails/commands'

以上代码是根据Configuring WEBrick to use SSL in Rails 3中的示例修改的。这对我有用。