Forum: Ruby on Rails using certificates with ActiveResource

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Ben M. (Guest)
on 2007-03-29 13:04
(Received via mailing list)
I'm trying to hack ActiveResource to use a self-signed certificate when
connecting to my RESTful rails app (seems like a pretty glaring hole
that it doesn't offer this out of the box... though I guess it is alpha

I started out going through the ActiveResource code looking for
somewhere I could set the cert and key. Didn't find it, so I took the
approach of overriding Net::HTTP#cert and Net::HTTP#key to return my
cert and key:

require 'net/https'

class Net::HTTP
   def cert +
   def key +

That still wasn't working... I think I was getting an SSL error. So, I
took a detour off to write a standalone ruby script to do the connection
using the cert and key. After much trial and error, I finally got Apache
to accept the cert. I wasn't able to get the actual data from the REST
service because my xml input gets url-encoded, but that's ok... I really
want to get this working with ActiveResource, not by using Net:HTTP

The solution that ultimately made Apache happy with that standalone code
was to also set Net::HTTP.verify_mode to OpenSSL::SSL::VERIFY_PEER and
to provide the certificate authority file that I used to sign the cert
to Net:HTTP and Apache.

So, I added these things to environment.rb, giving me:

class Net::HTTP
   def cert +
   def key +
   def ca_file
     RAILS_ROOT + "/config/certs/cacert.pem"
   def verify_mode

But ActiveResource gives me no love... or rather Apache once again gives
me the error I was getting before I added the CA stuff to my standalone

SSL Library Error: 336105671 error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
No CAs known to server for verification?

I've put debug statements in ActiveResource::Connection right before it
makes the call and it is ssl, it is verify peer, it has my cert, my key
and my cert authority... but it doesn't work.

Any help, ideas, suggestions... anything would be great.

This topic is locked and can not be replied to.