I’m currently building a website with Ruby on Rails that requires SSL to secure a few web pages such as the login page while leaving the rest of the site SSL free. It took me a few hours to figure it out and the information on this subject is somewhat sparse. I thought I’d write down the information in case someone needs it.
I’m using WEBrick for my development work because it’s quick and easy. Normally, WEBrick isn’t in ssl mode and it wasn’t obvious to me as to how to run an ssl version of it. After looking around, I found the script mentioned in this mailing list. Simply save the script as server_ssl in the script directory of your RoR project and then:
chmod +x script/server_ssl
Be sure to change the ‘ip’ in the script.
SSL requires the use of a server certificate. The logical question is then how does one create and install a server certificate? Normally, you would purchase a certificate from a Certificate Authority or create one by using a tool like openssl(see HTTPS Configuration in the Ubuntu Server Guide). However, it seems the server_ssl script tells WEBrick to create a server certificate on-the-fly and so there is no need to create and install a certificate. One side effect is that Firefox will warn you the certificate is not authentic. Another side effect is that if you stop and restart WEBrick without restarting Firefox, Firefox will tell you the certificate has the same serial number as another certificate and will simply refuse to use the certificate. If that happens, just restart Firefox. These are inconveniences but are ok while you’re still in the development phase.