Sign new certificates in Rails application

<p>I have a Rails application with a public REST API which authenticates API clients using SSL client certificates.</p>
<p>I would like the app to act as a simple CA. Admin users should be able to visit a page on the site and request a new certificate. The application should generate a new SSL cert, signed with the application's private key, and return it in some form to the admin user.</p>
<p>The admin user will then install this cert in client apps. These apps will then be able to use the new cert to access the REST API.</p>
<p>What is the easiest way of implementing this? The only way I know of generating and signing new certs is with the <code>openssl</code> command line, after configuring <code>openssl</code> as a CA on the server (e.g. <a href="http://it.toolbox.com/blogs/securitymonkey/howto-securing-a-website-with-client-ssl-certificates-11500" rel="nofollow">like this</a>). Do I need to do that, and communicate with <code>openssl</code> using backticks inside Rails? That seems fiddly and fragile.</p>
<p>How should I return the cert to admins? I could just pass them out the cert as a text file to download. I have seen CA web interfaces which allow users to request a cert from a browser, and then install the cert directly into the browser. The admins would then have to export the cert to pass it to the client scripts.</p>
<p>I don't suppose there is any kind of "<code>acts_as_CA</code>" gem for Rails?</p>
<p>[Note that I already know how to authenticate client requests against my private key. This question specifically relates to issuing new certs.]</p>
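The issuing step asked about above can be done in-process with Ruby's standard `openssl` library instead of shelling out. This is an added example, not part of the original post: the helper names, the demo CA and the demo CSR are constructed for illustration, and it assumes the client submits a CSR so its private key never reaches the server, with the certificate subject set by the application rather than taken from the CSR.

```ruby
require "openssl"

# Shared skeleton: X.509 v3, random positive serial, validity window with 60 s clock skew.
def new_cert(subject, issuer, public_key, days)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # the value 2 means X.509 v3
  cert.serial = OpenSSL::BN.rand(127)
  cert.subject, cert.issuer, cert.public_key = subject, issuer, public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + days * 86_400
  cert
end

# Each entry in exts is [name, value] or [name, value, critical].
def add_extensions(cert, issuer_cert, exts)
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate, ef.issuer_certificate = cert, issuer_cert
  exts.each { |ext| cert.add_extension(ef.create_extension(*ext)) }
end

# Constructed stand-in CA; a real app loads its CA key and cert from protected storage.
def build_demo_ca
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.new([["CN", "Demo API CA"]])
  cert = new_cert(name, name, key.public_key, 365)
  add_extensions(cert, cert, [["basicConstraints", "CA:TRUE", true],
    ["keyUsage", "keyCertSign,cRLSign", true], ["subjectKeyIdentifier", "hash"]])
  [key, cert.sign(key, OpenSSL::Digest.new("SHA256"))]
end

# Constructed client-side CSR: the private key stays with the client.
def build_demo_csr(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, csr.to_pem]
end

# Issue a client-auth leaf cert. Only the public key is taken from the CSR;
# the subject comes from the application (client_id), not from the requester.
def issue_client_cert(ca_key, ca_cert, csr_pem, client_id, days: 90)
  csr = OpenSSL::X509::Request.new(csr_pem)
  raise ArgumentError, "CSR self-signature is invalid" unless csr.verify(csr.public_key)
  subject = OpenSSL::X509::Name.new([["CN", client_id]])
  cert = new_cert(subject, ca_cert.subject, csr.public_key, days)
  add_extensions(cert, ca_cert, [["basicConstraints", "CA:FALSE", true],
    ["keyUsage", "digitalSignature", true], ["extendedKeyUsage", "clientAuth"],
    ["authorityKeyIdentifier", "keyid:always"]])
  cert.sign(ca_key, OpenSSL::Digest.new("SHA256"))
end
```

The result of `issue_client_cert(...).to_pem` is what the admin would download; `CA:FALSE` and the `clientAuth` usage keep an issued certificate from being used to sign further certificates or to act as a server.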
 
