-
Simple Setup of SSL on Apache with mod_ssl and OpenSSL
This is a very simple way of setting up Apache with SSL from a trusted Certificate Authority(CA), just follow these steps and you will have it running in no time. I am assuming you have all the prerequisites installed, Apache with mod_ssl enabled and OpenSSL. I add the following to the server configuration (either httpd.conf or apache2.conf) so it knows to listen on port 443, you can do this in the virtual host file if you wish:
<IfModule mod_ssl.c>
NameVirtualHost *:443
</IfModule>
The next thing you will want to do is create an RSA key for your server. There are 2 ways to do this you can do it so that Apache will require a password at startup/restart, or you can do it without this added encryption. If you choose not to use encryption, you should make sure you protect this key as much as possible! Rename domainname with your actual domain name you want to secure.
Read the rest of this entry »
-
Rails Application and SSL Problem in Internet Explorer
Recently we ran across a very annoying problem when deploying a Ruby on Rails application running under SSL when viewed in IE7. When we loaded the page in Internet Explorer 7 there was a content security error. This made no sense at all as everything was secure, and even when we hard coded absolute links the problem still persisted. What could possibly be causing this problem.
Thinking perhaps it was some random HTTP link sitting in the code, the developers went over everything with a fine tooth comb and could not find the problem. Knowing that a secure content error could be the result of a number of things we broke parts out of the page and rebuilt the page one line at a time until we recreated the content error. Low and behold we found a single JS file that was causing this problem!