Skip to content

Instantly share code, notes, and snippets.

@jmarchello
Forked from tadast/ssl_puma.sh
Last active August 2, 2016 16:07
Show Gist options
  • Save jmarchello/ab26a98a9d9ff8ce8ef3d86c13622916 to your computer and use it in GitHub Desktop.
Save jmarchello/ab26a98a9d9ff8ce8ef3d86c13622916 to your computer and use it in GitHub Desktop.
localhost SSL with puma
# 1) Create your private key (any password will do, we remove it below)
$ cd ~/.ssh
$ openssl genrsa -des3 -out server.orig.key 2048
# 2) Remove the password
$ openssl rsa -in server.orig.key -out server.key
# 3) Generate the csr (Certificate signing request) (Details are important!)
$ openssl req -new -key server.key -out server.csr
# IMPORTANT
# MUST have localhost.ssl as the common name to keep browsers happy
# (has to do with non internal domain names ... which sadly can be
# avoided with a domain name with a "." in the middle of it somewhere)
Country Name (2 letter code) [AU]:
...
Common Name: localhost.ssl
...
# 4) Generate self signed ssl certificate
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# 5) Finally Add localhost.ssl to your hosts file
$ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
# 6) Boot puma
$ puma -b 'ssl://127.0.0.1:3000?key=/Users/jmarchello/.ssh/server.key&cert=/Users/jmarchello/.ssh/server.crt'
# 7) Add server.crt as trusted !!SYSTEM!! (not login) cert in the mac osx keychain
# Open keychain tool, drag .crt file to system, and trust everything.
# Notes:
# 1) Https traffic and http traffic can't be served from the same process. If you want
# both you need to start two instances on different ports.
#
#
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment