Databases
StackOverflow2013
Postsdbo
POConnecting using https to a server with a certificate signed by a CA I created
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POConnecting using https to a server with a certificate signed by a CA I created
    text
    copied!<p>I have a test environment that uses Ruby to drive a server over an https connection. Since the latest versions of Ruby refuse to connect to an https server with an invalid certificate (see <a href="https://stackoverflow.com/questions/7969688/how-to-connect-to-an-https-server-with-an-invalid-certificate-using-the-latest-v">this earlier question of mine</a>) and I would like to start using a newer version of Ruby, I am trying to set up a valid certificate.</p> <p>I have created a CA certificate to use (there are multiple servers being tested so this seems the easier way), and have successfully used it to sign a new certificate which has been installed on a server and is being used. I have added the CA certificate to the browser store and it (the browser) will now connect to the server without complaint. So I am confident my certificates are valid and set up correctly.</p> <p>I know that Ruby does not use the same store as the browser. I have used the CA file available <a href="http://curl.haxx.se/ca/cacert.pem" rel="nofollow noreferrer">here</a> to test connecting to other (public) servers (set using the <code>Net::HTTP#ca_file=</code> method) and this also works.</p> <p>What I cannot get to work is Ruby connecting to my server using my certificate. I have tried various ways of pointing it at my certificate (including adding my certificate to the file linked above) and it always gives the same error:</p> <pre><code>SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A (OpenSSL::SSL::SSLError) </code></pre> <p>What do I have to do to convince Ruby to accept my certificate and connect to my server?</p> <p>The code I am using is:</p> <pre><code>require 'net/https' uri = URI.parse("https://hostname/index.html") http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_PEER http.ca_file = "My CA cert file" request = Net::HTTP::Get.new(uri.path) response = http.request(request) </code></pre> <p>I'm assuming this is wrong somehow. What I want to know is, what should I do to use my CA certificate?</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload