Ssl certificates


#1

Hi,
could someone help me with ssl certificates?

i have mycert.pfx file (client certificate) and CA certificate ca.cer.
i far as i know, ruby doesn’t understand pfx format, so i’ve converted
it to pem format.
in viewer pem looks like:

Bag attributes
blabla

Key Attributes
blabla

—begin rsa private key—
blabla
—end rsa private key-----

–begin certificate--------
blabla
–end certificate----------

in some example a saw, that there should be three files, looks like pfx
file should be splited to two separate files?

how to prepare those two files(mycert.pfx and ca.cer) for using with
HttpClient in ruby? How to use them with HttpClient?

Giedrius


#2

I can’t understand, is my question stupid enough or there’s no people,
who tryed to work with ruby over ssl?
I’ve posting like fourth question regarding SSL on various aspects and
didn’t received any response from anyone.


#3

I was making this:

converted ca.cer file
openssl x509 -in ca.cer -inform DER -out ca.pem -outform PEM

converted mycert.pfx to mycert.pem and splited this to two files in
my_key.pem placed rsa key part and in my_cert.pem placed certificate
part.

wrote code:

require ‘http-access2’
url = ARGV.shift || ‘https://zzz.com
uri = URI.parse(url)
ca_file = “ca.pem”
cl_cert = “my_cert.pem”
cl_key = “my_key.pem”
proxy = ENV[‘HTTP_PROXY’] || ENV[‘http_proxy’] || nil
h = HTTPClient.new(proxy)
h.ssl_config.set_client_cert_file(cl_cert, cl_key)
h.ssl_config.set_trust_ca(ca_file)
print h.get_content(url)

and received error:

at depth 0 - 20: unable to get local issuer certificate

what i did wrong or what i forgot to do?


#4

On Thursday 09 Feb 2006 11:44, Giedrius wrote:

I can’t understand, is my question stupid enough or there’s no people,
who tryed to work with ruby over ssl?
I’ve posting like fourth question regarding SSL on various aspects and
didn’t received any response from anyone.

Hi Giedrius,

Don’t be disheartened, this list is very busy and hard to keep track of.
I
haven’t used it through the forum, but certainly on the mailing list, I
only
dip in now and then, because there’s no way I have time to read
everything.
I imagine it’s the same for a lot of others.

Anyway, I don’t know if this helps you, but I’m developing an SSL Rails
app,
and used the following tutorial to set it up with Lighttpd:

http://wiki.archlinux.org/index.php/Lighttpd_For_Both_SSL_And_Non-SSL

I don’t bother running two Lighttpd daemons though (one for SSL and one
for
non-SSL) - seemed like too much trouble to get that to launch when I run
script/server, so I simply didn’t worry about it - my entire app runs
over
SSL.

So, I don’t know if that really answers your question, but that’s how I
did
it, though it took me a while to figure it out before I found that
tutorial.
(Back then, the default script/server was WEBrick anyway, so initially I
was
trying to get that working with SSL and gave up completely.)

Is that any help? (Maybe not, I haven’t used HttpClient myself.)

Cheers,

~Dave

Dave S.
Rent-A-Monkey Website Development
http://www.rentamonkey.com/

PGP Key: http://www.rentamonkey.com/pgpkey.asc


#5

Giedrius wrote:

I can’t understand, is my question stupid enough or there’s no people,
who tryed to work with ruby over ssl?
I’ve posting like fourth question regarding SSL on various aspects and
didn’t received any response from anyone.

It’s not a stupid question at all, in fact I stumble on the same
problems.

Your previous “partial” answers helped me.

I created this reminder for me of how I finally did it… I hope this
will help others :slight_smile: