Fellow Ruby Programmers,
I''m trying to figure out the "Right" way to use Net:HTTP to
connect
to a server and use a "Digital Certificate". I''m currently
trying to get my
transactions working on the LinkPoint Test server, so I''m sure many
others
will come to the same struggle in time.
Here is how I think I should be posting to the url
(https://staging.linkpt.net:1129)
def get_linkpoint_response(url)
uri = URI.parse url
http = Net::HTTP.new uri.host, uri.port
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_path = File.dirname(__FILE__) + "/../../"
http.ca_file = File.dirname(__FILE__) + "/../../1111.pem"
return http.post(uri.path, @data).body
end
Does this look right? I''m going to post abbreviated contents of the
file (1111.pem) below. I just don''t know enough about SSL to know if
I''m
treating this file correctly.
In case you are wondering, I get "certificate verify failed" in
response.
Please let me know if I''m on the right track with the file they
provided me. It''s a cert right? Or is it a key I need to specify in
"http.key_file=" ??
-patched
-------------------
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCxdVJvVa5Z2A11foAC8g4jUz5JxNfpKGmgrQDk1z4AdsTjxD+D
lMeUmtdAmjWBNnqB74w8fN9cOTcHUtpHclhKWHoPbOrKTRF+5ZADMTIoEzpKl6ds
79eTt28yahneD8Rta+cEF+AqUwdBcwHPVsEB/Ppk3Y7J/j7IcNbhyK+i3QIDAQAB
AoGAcHVlNGEcCJu+i8MK5NL42rIaOy2floahyc1ZT6yIAktCIwVvKrfScv5dgvc3
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICgjCCAeugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBhjELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkZMMRAwDgYDVQQHEwdPcmxhbmRvMRkwFwYDVQQKExBQYXRjaGVk
IFNvZnR3YXJlMRYwFAYDVQQDEw1HcmVnZyBQb2xsYWNrMSUwIwYJKoZIhvcNAQkB
-----END CERTIFICATE-----
On 27/09/05, Gregg Pollack <patched-i8bqrNpN1PPCXmymsgaQcQ@public.gmane.org> wrote:> Fellow Ruby Programmers, > > I''m trying to figure out the "Right" way to use Net:HTTP to connect > to a server and use a "Digital Certificate". I''m currently trying to get my > transactions working on the LinkPoint Test server, so I''m sure many others > will come to the same struggle in time. > > Here is how I think I should be posting to the url > (https://staging.linkpt.net:1129) > > def get_linkpoint_response(url) > uri = URI.parse url > http = Net::HTTP.new uri.host, uri.port > http.use_ssl = true > http.verify_mode = OpenSSL::SSL::VERIFY_PEER > http.ca_path = File.dirname(__FILE__) + "/../../" > http.ca_file = File.dirname(__FILE__) + "/../../1111.pem" > return http.post(uri.path, @data).body > endThis is giving ruby the CA certificate to check the server end. Use one of ca_path() or ca_file (the latter) - they''re conflicting mechanisms. I don''t see anything there that is to do with client certificates....?> ------------------- > > -----BEGIN RSA PRIVATE KEY----- > MIICXAIBAAKBgQCxdVJvVa5Z2A11foAC8g4jUz5JxNfpKGmgrQDk1z4AdsTjxD+D > lMeUmtdAmjWBNnqB74w8fN9cOTcHUtpHclhKWHoPbOrKTRF+5ZADMTIoEzpKl6ds > 79eTt28yahneD8Rta+cEF+AqUwdBcwHPVsEB/Ppk3Y7J/j7IcNbhyK+i3QIDAQAB > AoGAcHVlNGEcCJu+i8MK5NL42rIaOy2floahyc1ZT6yIAktCIwVvKrfScv5dgvc3 > -----END RSA PRIVATE KEY-----Dude! Don''t go posting this! -- Rasputin :: Jack of All Trades - Master of Nuns
One question then, How do I specify the client certificate. What might a correct connection function look like that uses a private key? Could someone please post the right way to use a PEM file such as the one I posted. No, I did not actually post the real PEM file, I''m not quite that dim. I chopped off like 3 or for lines from the key and the Cert. ;-) Can Anyone help? -----Original Message----- From: Dick Davies [mailto:rasputnik-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org] Sent: Tuesday, September 27, 2005 5:47 AM To: rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org Subject: Re: [Rails] Need Help With SSL Connection On 27/09/05, Gregg Pollack <patched-i8bqrNpN1PPCXmymsgaQcQ@public.gmane.org> wrote:> Fellow Ruby Programmers, > > I''m trying to figure out the "Right" way to use Net:HTTP toconnect> to a server and use a "Digital Certificate". I''m currently trying to getmy> transactions working on the LinkPoint Test server, so I''m sure many others > will come to the same struggle in time. > > Here is how I think I should be posting to the url > (https://staging.linkpt.net:1129) > > def get_linkpoint_response(url) > uri = URI.parse url > http = Net::HTTP.new uri.host, uri.port > http.use_ssl = true > http.verify_mode = OpenSSL::SSL::VERIFY_PEER > http.ca_path = File.dirname(__FILE__) + "/../../" > http.ca_file = File.dirname(__FILE__) + "/../../1111.pem" > return http.post(uri.path, @data).body > endThis is giving ruby the CA certificate to check the server end. Use one of ca_path() or ca_file (the latter) - they''re conflicting mechanisms. I don''t see anything there that is to do with client certificates....?> ------------------- >-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCxdVJvVa5Z2A11foAC8g4jUz5JxNfpKGmgrQDk1z4AdsTjxD+D lMeUmtdAmjWBNnqB74w8fN9cOTcHUtpHclhKWHoPbOrKTRF+5ZADMTIoEzpKl6ds 79eTt28yahneD8Rta+cEF+AqUwdBcwHPVsEB/Ppk3Y7J/j7IcNbhyK+i3QIDAQAB AoGAcHVlNGEcCJu+i8MK5NL42rIaOy2floahyc1ZT6yIAktCIwVvKrfScv5dgvc3 -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIICgjCCAeugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBhjELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAkZMMRAwDgYDVQQHEwdPcmxhbmRvMRkwFwYDVQQKExBQYXRjaGVk IFNvZnR3YXJlMRYwFAYDVQQDEw1HcmVnZyBQb2xsYWNrMSUwIwYJKoZIhvcNAQkB -----END CERTIFICATE-----> Dude! Don''t go posting this! -- Rasputin :: Jack of All Trades - Master of Nuns _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails