I'm using Ruby on Rails 3 and I need to make HTTPS connections work on localhost.

I'm using:

  • Apache v2 + Phusion Passenger
  • Mac OS + Snow Leopard v10.6.6

My Ruby on Rails installation makes use of the Typhoeus gem (I can also use the Ruby Net::HTTP library, but the result does not change) to make HTTP requests over HTTPS.

I created self-signed ca.key, pjtname.crt and pjtname.key as described on the Apple website.

Note: Following the instructions on the Apple website, when running the openssl req -new -key server.key -out server.csr command (see the link), at this point:

Common Name (eg, YOUR name) []: (this is the important one)

I entered *pjtname.com so that it applies to all subdomains of this site.


In my Apache httpd.conf I have two virtual hosts set up like this:

# Secure (SSL/TLS) connections
#Include /private/etc/apache2/extra/httpd-ssl.conf
#
# Note: The following must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

Include /private/etc/apache2/other/*.conf



# Passenger configuration
   LoadModule passenger_module /Users/<my_user_name>/.rvm/gems/ruby-1.9.2-p136/gems/passenger-3.0.2/ext/apache2/mod_passenger.so
   PassengerRoot /Users/<my_user_name>/.rvm/gems/ruby-1.9.2-p136/gems/passenger-3.0.2
   PassengerRuby /Users/<my_user_name>/.rvm/wrappers/ruby-1.9.2-p136/ruby




# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off


# Ensure that Apache listens on port 443
Listen 443

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80
NameVirtualHost *:443



#
# PJTNAME.COM and subdomains SETTING
#



<VirtualHost *:443>
  # Because this virtual host is defined first, it will
  # be used as the default if the hostname is not received
  # in the SSL handshake, e.g. if the browser doesn't support
  # SNI.

  ServerName pjtname.com:443
  DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public"

  ServerAdmin you@example.com
  ErrorLog "/private/var/log/apache2/error_log"
  TransferLog "/private/var/log/apache2/access_log"

  RackEnv development

  <Directory "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public">
    Order allow,deny
    Allow from all
  </Directory>

  # SSL Configuration
  SSLEngine on

  # Self Signed certificates
  # Server Certificate
  SSLCertificateFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.crt
  # Server Private Key
  SSLCertificateKeyFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.key
  # Server Intermediate Bundle
  SSLCertificateChainFile /private/etc/apache2/ssl/wildcard.certificate/ca.crt
</VirtualHost>

# HTTP Setting
<VirtualHost *:80>
  ServerName pjtname.com
  DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public"

  RackEnv development

  <Directory "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public">
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>




<VirtualHost *:443>
  ServerName users.pjtname.com:443
  DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public"

  ServerAdmin you@example.com
  ErrorLog "/private/var/log/apache2/error_log"
  TransferLog "/private/var/log/apache2/access_log"

  RackEnv development

  <Directory "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public">
    Order allow,deny
    Allow from all
  </Directory>

  # SSL Configuration
  SSLEngine on

  # Self Signed certificates
  # Server Certificate
  SSLCertificateFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.crt
  # Server Private Key
  SSLCertificateKeyFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.key
  # Server Intermediate Bundle
  SSLCertificateChainFile /private/etc/apache2/ssl/wildcard.certificate/ca.crt
</VirtualHost>

# HTTP Setting
<VirtualHost *:80>
  ServerName users.pjtname.com
  DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public"

  RackEnv development

  <Directory "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public">
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

In the hosts file I have:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1             localhost 
fe80::1%lo0 localhost

# PJTNAME.COM SETTING

127.0.0.1 pjtname.com
127.0.0.1 users.pjtname.com

Everything seems to work correctly because I've already set everything up (properly, I believe):

  • I created a wildcard certificate for my domain and subdomain names (in this example: *.pjtname.com)
  • I've set name-based virtual hosts in the http.conf file listening on ports :433 and :80
  • My browser accepts the certificates even though it warns me that they aren't safe (note: I have to accept the certificate for every domain/subdomain; that is, [only] the very first time I access a domain or subdomain over HTTPS I have to go through the same acceptance procedure), and I can access pages using HTTPS

After all this work, when I make a request using Typhoeus (I can also use the Ruby Net::HTTP library and the result does not change) from the pjtname.com RoR application:

# Typhoeus request
Typhoeus::Request.get("https://users.pjtname.com/")

I receive something like a warning about the certificate:

--- &id001 !ruby/object:Typhoeus::Response 
app_connect_time: 0.0
body: ""
code: 0
connect_time: 0.000625

# Here is the warning
curl_error_message: Peer certificate cannot be authenticated with known CA certificates

curl_return_code: 60
effective_url: https://users.pjtname.com/
headers: ""
http_version: 
mock: false
name_lookup_time: 0.000513
pretransfer_time: 0.0
request: !ruby/object:Typhoeus::Request 
  after_complete: 
  auth_method: 
  body: 
  ...

All of which means that something is wrong. So, what must I do to avoid the "Peer certificate cannot be authenticated with known CA certificates" warning and make the HTTPS request work? Where is/are the error/errors (I believe in the Apache configuration, but where?!)?

P.S.: If you need more info, let me know.
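
An added example, not part of the original post, of the two checks a TLS client such as libcurl or Net::HTTP performs: chain validation against the client's own trust store (the check behind curl error 60 in the response above), then hostname matching. The CA, keys and certificates are constructed here, and make_cert, chain_trusted? and host_ok? are hypothetical helper names.

```ruby
require "openssl"

# Build a certificate: a self-signed CA when no issuer is given, else a leaf.
def make_cert(cn, key, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.new([["CN", cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Check 1: does the leaf chain to a CA the *client* trusts? The store starts
# empty, so exceptions accepted in a browser play no part here.
def chain_trusted?(leaf, trusted_cas)
  store = OpenSSL::X509::Store.new
  trusted_cas.each { |ca| store.add_cert(ca) }
  store.verify(leaf)
end

# Check 2: does the certificate name cover the requested host? Ruby falls back
# to the CN because these constructed certificates carry no subjectAltName.
def host_ok?(leaf, hostname)
  OpenSSL::SSL.verify_certificate_identity(leaf, hostname)
end

# Constructed PKI standing in for the post's ca.crt and pjtname.crt
# (fresh keys generated here, not the poster's files).
CA_KEY   = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT  = make_cert("Constructed Test CA", CA_KEY)
WILDCARD = make_cert("*.pjtname.com", LEAF_KEY, issuer: CA_CERT, issuer_key: CA_KEY)
# The CN spelling quoted at the openssl prompt in the post (no dot after "*").
NO_DOT   = make_cert("*pjtname.com", LEAF_KEY, issuer: CA_CERT, issuer_key: CA_KEY)

puts "client trusts nothing: #{chain_trusted?(WILDCARD, [])}"
puts "client trusts the CA:  #{chain_trusted?(WILDCARD, [CA_CERT])}"
["users.pjtname.com", "pjtname.com"].each do |host|
  puts "#{host}: *.pjtname.com=#{host_ok?(WILDCARD, host)} *pjtname.com=#{host_ok?(NO_DOT, host)}"
end
```

For a real request the same effect comes from handing the client the CA certificate, for example through Net::HTTP's ca_file= with verify_mode left at OpenSSL::SSL::VERIFY_PEER, rather than turning verification off.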