Verified HTTPS in Ruby

One of the last-minute changes I had to make on the sds-rest library was to change it from using HTTP to HTTPS. I thought this would be straightforward, but it turned out to be slightly tricky.

Thankfully I found this post that outlines the basics of setting up HTTPS in Ruby. Most people probably take the first method of not verifying the certificate, but that didn't seem like a very good thing to do.

For Ruby to validate the certificate you have to provide a list of valid certificates. The above post provides a link to a comprehensive list of valid certificates, but besides being GPL licensed, the list is rather large. I only need to worry about the certificate for the SDS address, and it turns out this is pretty easy.

Navigate to the SSL address in Firefox (https://database.windows.net/ in my case) and go to Tools -> Page Info and click on View Certificate. Click on Details, then Export, and select X.509 Certificate with Chain (PEM). You can then reference this file from your code:

http.ca_file = File.join(File.dirname(__FILE__), "MSSA.pem")

Now Ruby will only accept the connection if the certificate presented by the server validates against the certificates in this file.

Here is my basic connection code:

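require 'net/http'
require 'openssl'

# get_url and req come from elsewhere in the library: get_url is assumed to
# return the service host name, and req is the prepared Net::HTTP request.
http = Net::HTTP.new(get_url, 443)
http.use_ssl = true
# Fail the handshake unless the server's certificate can be verified.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
# Trust only the certificates exported from the browser.
http.ca_file = File.join(File.dirname(__FILE__), "MSSA.pem")

# start opens the connection, yields it, and returns the block's value.
response = http.start { |conn| conn.request(req) }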
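To see what these settings actually enforce, the following added example (not code from the original post or from sds-rest) runs the same client configuration against a local one-shot HTTPS server. The CA, certificates, loopback server and the helper names `make_cert`, `serve_once`, `fetch` and `demo` are all constructed for illustration; the temporary PEM file stands in for the exported MSSA.pem.

```ruby
require "net/http"
require "openssl"
require "tempfile"

# Constructed throwaway PKI: a self-signed CA if no issuer is given, else a leaf for 127.0.0.1.
def make_cert(cn, ca = nil, ca_key = nil)
  key, cert = OpenSSL::PKey::RSA.new(2048), OpenSSL::X509::Certificate.new
  cert.version, cert.serial, cert.public_key = 2, rand(1..2**32), key.public_key
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (ca || cert).subject
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(ca || cert, cert)
  ext = ca ? %w[subjectAltName IP:127.0.0.1] : %w[basicConstraints CA:TRUE]
  cert.add_extension(ef.create_extension(*ext))
  [cert.sign(ca_key || key, OpenSSL::Digest.new("SHA256")), key]
end
# Serve one HTTPS response on a loopback port with the given cert and key; returns the port.
def serve_once(cert, key)
  ctx = OpenSSL::SSL::SSLContext.new.tap { |c| c.cert, c.key = cert, key }
  tcp = TCPServer.new("127.0.0.1", 0)
  Thread.new do
    ssl = OpenSSL::SSL::SSLServer.new(tcp, ctx).accept
    ssl.gets("\r\n\r\n") # consume the request headers
    ssl.write("HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
    ssl.close
  rescue StandardError # the client aborts the handshake when it rejects the certificate
  ensure
    tcp.close
  end
  tcp.addr[1]
end
# The post's client settings aimed at the local server; returns the body or the TLS error.
def fetch(port, ca_path, mode = OpenSSL::SSL::VERIFY_PEER)
  http = Net::HTTP.new("127.0.0.1", port, nil) # nil: never route through an env-configured proxy
  http.use_ssl = true
  http.verify_mode = mode
  http.ca_file = ca_path
  http.start { |conn| conn.request(Net::HTTP::Get.new("/")).body }
rescue OpenSSL::SSL::SSLError => e
  "rejected: #{e.message}"
end
def demo
  ca, ca_key = make_cert("Constructed CA")
  good, bad = make_cert("server", ca, ca_key), make_cert("Constructed impostor")
  pinned = Tempfile.new("pinned") # stands in for the exported MSSA.pem
  File.write(pinned.path, ca.to_pem)
  { trusted: fetch(serve_once(*good), pinned.path), untrusted: fetch(serve_once(*bad), pinned.path),
    unverified: fetch(serve_once(*bad), pinned.path, OpenSSL::SSL::VERIFY_NONE) }
end
puts demo if $PROGRAM_NAME == __FILE__
```

The `unverified` entry is the case the post avoids: with `VERIFY_NONE` the client talks to a server whose certificate it cannot validate. Because the PEM file is the only trust source, the client will also start rejecting the real service once its certificates are reissued under a chain that is not in the file, so the file needs to be refreshed when that happens.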

If you are interested in the sds-rest project you can check it out on github.

-James
