03 December 2008

Redirecting a http request to https in Rails

In my previous blog i instructed how to install a SSL certificate in server. In this tutorial I will provide you some insights on how to redirect a http request to a https.

we need two methods:


1. One is for going to from http to https:
def require_https  
redirect_to :protocol => "https://" unless (request.ssl? or local_request? or request.post? or ENV["RAILS_ENV"]=="development")   
end

2. The other is the reverse of this one, that is going from https to http:

def require_http  
redirect_to :protocol => "http://" if (request.ssl?)   
end


Now you can call these two function where it is necessary like:
before_filter :require_https


In this point you may get an error like “Infinite Redirection loop”. In order to solve this problem add the following line at
RequestHeader set X_FORWARDED_PROTO 'https'

So the config file should be something like this:


RequestHeader set X_FORWARDED_PROTO 'https'  
SSLEngine on    
SSLCertificateFile /etc/apache2/SSL_Files/abc.crt    
SSLCertificateKeyFile /etc/apache2/SSL_Files/abc.key    
SSLCertificateChainFile /etc/apache2/SSL_Files/gd_bundle.crt    

Now any request coming to http should be redirected to https.

Hope this will serve your purpose. Happy coding!!

01 December 2008

Steps for installing SSL certificate in Linux

Here is a complete process of installing SSL certificate in Linux box which run in Amazon EC2 instance and served by Apache. I will also provide suggestion to show how homepage can be served in https while invoking the default page.

I tested with:

1. Linux version 2.6.16 (Red Hat 4.0.1-5)

2. Apache 2

You will need an installed copy of OpenSSL in the box. It is installed by default with Apache2. If you do not have it installed you should install it from http://www.openssl.org/

So here are the steps:

1. Generating a private key:

To create a private key Go to /etc/apache2/conf.d and use the following command:

/usr/bin/openssl genrsa –rand /dev/urandom –out /etc/apache2/conf.d/server.key

Hence a private key file named “server.key” will be generated at the /etc/apache2/conf.d

2. Generating CSR (certificate signing request):

For creating a file named server.csr at the same directory the following command should be written:

/usr/bin/openssl req –new –key /etc/apache2/conf.d/server.key –out /etc/apache2/conf.d/server.csr

After proving this command some information should be provided. A CSR file will be generated after this one.

3. Creating a Certificate:

You can generate a Commercially Signed Certificate file from any Commercially Signed Authority by providing the private key and csr.

4. Installing the certificate:

Go to /etc/apache2/sites-available/default and add the following configuration:

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/SSL_Files/abc.crt
SSLCertificateKeyFile /etc/apache2/SSL_Files/abc.key
SSLCertificateChainFile /etc/apache2/SSL_Files/gd_bundle.crt
</VirtualHost>

Make sure that port 443 is open.

That’s it!!Now your certificate is installed in the server.