Skip to content

SSL certificate issues #298

New issue
New issue
Open
Open
SSL certificate issues#298
Assignees
WilliamMcCumstie
Labels
bug
@ColonelPanics

Description

@ColonelPanics
ColonelPanics
opened on Sep 19, 2019

SSL doesn't work unless the client is set to ignore it or is explicitly given the CA authority file which seems very unnecessary.

Detailed explanation - https://alces.slack.com/files/T025J03QZ/FNHCK0S9J?origin_team=T025J03QZ

According to @mjtko this problem can be fixed by splitting out the server-side certificate and adding an additional config filed to the config.ru file:

ssl_options = if Cloudware::Config.ssl_private_key? && Cloudware::Config.ssl_certificate?
  base_options.merge(
    SSLCertificate: OpenSSL::X509::Certificate.new(Cloudware::Config.read_ssl_certificate),
    SSLPrivateKey: OpenSSL::PKey::RSA.new(Cloudware::Config.read_ssl_private_key),
    SSLExtraChainCert: [OpenSSL::X509::Certificate.new(File.read('etc/ssl.ca.crt'))],
  )

Discussion regarding solution - https://alces.slack.com/archives/C82EXS7J4/p1568893506020100

Metadata

Metadata

Assignees

Labels

bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions