I use Namecheap.com as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.
These are the steps I went through to set up an SSL cert.
I use Namecheap.com as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.
These are the steps I went through to set up an SSL cert.
# 1) Create your private key (any password will do, we remove it below) | |
$ cd ~/.ssh | |
$ openssl genrsa -des3 -out server.orig.key 2048 | |
# 2) Remove the password | |
$ openssl rsa -in server.orig.key -out server.key | |
# 3) Generate the csr (Certificate signing request) (Details are important!) |
Rails 3.1 introduced force_ssl
. You can add config.force_ssl = true
in application.rb
.
By enabling force_ssl
, Rails send a HSTS (HTTP Strict Transport Security) header which will expired in a year.
So if you enabled force_ssl
once, even you change the config value to false
later, the browser you used to open you app before will still remember this website (using domain to identify) require to use HTTPS, and redirect you to HTTPS connection automatically. You may use chrome://net-internals/#hsts
to check the domain list in Google Chrome.