@awinabi
Forked from tadast/ssl_puma.sh
Last active October 21, 2016 14:13
localhost SSL with puma
# 1) Create your private key (any password will do, we remove it below)
$ cd ~/.ssh
$ openssl genrsa -des3 -out server.orig.key 2048
# 2) Remove the password
$ openssl rsa -in server.orig.key -out server.key
# 3) Generate the CSR (certificate signing request). The details you enter are important!
$ openssl req -new -key server.key -out server.csr
# IMPORTANT
# The common name MUST be localhost.ssl to keep browsers happy
# (the problem has to do with non-internal domain names, and can be
# avoided by using a domain name with a "." somewhere in the middle of it)
Country Name (2 letter code) [AU]:
...
Common Name: localhost.ssl
...
# 4) Generate the self-signed SSL certificate
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# 5) Add localhost.ssl to your hosts file
$ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
# 6) Boot puma
# Notes:
# Puma might fail with: puma-3.4.0/lib/puma/binder.rb:143:in `check': SSL not available in this build (StandardError)
# In that case, run `gem uninstall puma` and reinstall puma with SSL support:
# gem install puma -v '3.4.0' -- --with-cppflags=-I/usr/local/opt/openssl/include --with-ldflags=-L/usr/local/opt/openssl/lib
$ puma -b 'ssl://127.0.0.1:3000?key=/Users/tadas/.ssh/server.key&cert=/Users/tadas/.ssh/server.crt'
# 7) Add server.crt as a trusted SYSTEM (not login) certificate in the Mac OS X keychain
# Open the keychain tool, drag the .crt file to System, and trust everything.
# Notes:
# 1) HTTPS traffic and HTTP traffic can't be served from the same process. If you want
# both, you need to start two instances on different ports.
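
Steps 1 to 4 above as one non-interactive command, as an added example that is not part of the original gist: it also writes a subjectAltName for localhost.ssl (current browsers match the hostname against the SAN, not the common name), marks the certificate CA:FALSE so the certificate you trust in step 7 cannot sign others, and keeps the unencrypted key at mode 0600. The function names and the config layout are assumptions made for this example.

```shell
# Added example (not from the original gist). Function names are hypothetical.
# make_dev_cert DIR [HOST]: write DIR/server.key and DIR/server.crt in one step.
make_dev_cert() {
  local dir="$1" host="${2:-localhost.ssl}" cnf rc
  mkdir -p "$dir" || return 1
  cnf=$(mktemp) || return 1
  cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
  rc=0
  # umask 077 inside a subshell: the passwordless key is never group/world readable
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -config "$cnf" -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
  ) || rc=$?
  rm -f "$cnf"
  return "$rc"
}

# check_dev_cert DIR [HOST]: succeed only if the key and certificate pair up,
# the SAN names HOST, and the key file is mode 0600.
check_dev_cert() {
  local dir="$1" host="${2:-localhost.ssl}" cert_pub key_pub
  cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$dir/server.key" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 1; }
  openssl x509 -in "$dir/server.crt" -noout -text | grep -qF "DNS:$host" \
    || { echo "no subjectAltName for $host" >&2; return 1; }
  [ "$(ls -l "$dir/server.key" | cut -c1-10)" = "-rw-------" ] \
    || { echo "server.key is readable by other users" >&2; return 1; }
}

# Usage: make_dev_cert "$HOME/.ssh" && check_dev_cert "$HOME/.ssh"
# then continue with steps 5 to 7 using the same server.key and server.crt.
```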