SSL in Rails

A few words about terms. You may be aware of SSL and TLS. According to wiki SSL 3.0 is predecessor of TLS 1.0. It may be allowed to say that TLS is SSL 3.1. US Government has already prohibited using of SSL in their sensitive communications. SSL is old and have a lot of vulnerabilities. It’s believed that TLS is more secure than SSL. Ok, let’s get down to work..

Key Generation

openssl genrsa -aes128 -out fd.key 2048
  • genrsa - generate a rsa key
  • -aes128 - the key will be protected byt AES-128
  • -out fd.key - the name of output file name of key
  • 2048 - size of the key.

Creating Certificate Signing Requests

With having the key now let’s create CSR file. This file will have all sensitive information

openssl req -new -key fd.key -out fd.csr

##Signing Your Own Certificates

Now you can sign your CSR file:

openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt

If you don’t want to create CSR file as a single step use following command:

openssl req -new -x509 -days 365 -key fd.key -out fd.crt

Answer all questions as you wish, but when it asks Common Name (e.g. server FQDN or YOUR name) input the name that you point out in apache .conf as a ServerName. Let it be ``.

Apache Configuration

I’m using for my apps apache as a web server. Here are steps to setup it to use SSL. First of all we need to disable a key password.

openssl rsa -in fd.key -out fd_np.key
mv fd.key
mv fd_np.key fd.key

Check if we get rid of a password: openssl rsa -text -in fd.key.

Now copy fd.key and fd.crt to Ubuntu Trust Store

sudo cp fd.crt /etc/ssl/certs/
sudo cp fd.key /etc/ssl/private/
sudo chmod 0600 /etc/ssl/private/fd.key

For using SSL apache has a module for this. Let’s enable it:

sudo a2enmod ssl

Now we have to re-write our .conf in `/etc/apache2/sites-enabled`

   # change default port to 443
   <VirtualHost *:443>                                                                                                                          
      DocumentRoot /var/www/myapp/current/public                                                                                          
      <Directory /var/www/myapp/current/public>                                                                                           
         # This relaxes Apache security settings.                                                                                              
         AllowOverride all                                                                                                                     
         # MultiViews must be turned off.                                                                                                      
         Options -MultiViews                                                                                                                   
         # Uncomment this if you're on Apache >= 2.4:                                                                                          
         Require all granted   

        # Add SSL stuff here
  		SSLEngine on
  		SSLCertificateFile    /etc/ssl/certs/fd.crt
		SSLCertificateKeyFile /etc/ssl/private/fd.key

And now final step

  sudo service apache2 restart


If you want to run your RoR app in ssl mode add force_ssl to your application controller.

If you’re using devise force it to use ssl as well. Add these lines to config/environments/production.rb

config.to_prepare { Devise::SessionsController.force_ssl }
config.to_prepare { Devise::RegistrationsController.force_ssl }
config.to_prepare { Devise::PasswordsController.force_ssl }


The post was written before Let’s Encrypt came out, but I still think it contains useful information about certificates.