Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
localhost SSL with puma
# 1) Create your private key (any password will do, we remove it below)
$ cd ~/.ssh
$ openssl genrsa -des3 -out server.orig.key 2048
# 2) Remove the password
$ openssl rsa -in server.orig.key -out server.key
# 3) Generate the csr (Certificate signing request) (Details are important!)
$ openssl req -new -key server.key -out server.csr
# IMPORTANT
# MUST have localhost.ssl as the common name to keep browsers happy
# (has to do with non internal domain names ... which sadly can be
# avoided with a domain name with a "." in the middle of it somewhere)
Country Name (2 letter code) [AU]:
...
Common Name: localhost.ssl
...
# 4) Generate self signed ssl certificate
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# 5) Finally Add localhost.ssl to your hosts file
$ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
# 6) Boot puma
$ puma -b 'ssl://127.0.0.1:3000?key=/Users/tadas/.ssh/server.key&cert=/Users/tadas/.ssh/server.crt'
# 7) Add server.crt as trusted !!SYSTEM!! (not login) cert in the mac osx keychain
# Open keychain tool, drag .crt file to system, and trust everything.
# Notes:
# 1) Https traffic and http traffic can't be served from the same process. If you want
# both you need to start two instances on different ports.
#
#
@allencch
Copy link

allencch commented Mar 24, 2022

In order to run with Rails (version 7),

bin/rails s -u puma -b 'ssl://127.0.0.1:3000?key=server.key&cert=server.crt&verify_mode=peer&ca=server.crt'

@pirkka
Copy link

pirkka commented May 27, 2022

There is a fantastic tool called mkcert which eliminates most of the pain of generating self signed certs and installing them as trusted certs on your machine - https://github.com/FiloSottile/mkcert. Way easier than trying wrangle OpenSSL commands and APIs.

I would like to recommend this approach as well.

I am no SSL guru, so I had a long battle trying to get local SSL to work a my new computer (it works fine on my older one). At some point I even had subjectively non-deterministic results where my SSL would work for a minute or two and then stop working with no apparent change in anything.

Using the mkcert on my macOS computer via homebrew solved the problem very quickly and easily.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment