Closed thyrymn closed 9 years ago
Hey @thyrymn it should be something like:
~/Cartero/bin# ./cartero -debug Listener -p 80 -W /tmp/qa/qa -s -C /root/Cartero/bin/file.cer -K /root/Cartero/bin/new.cert.key
./cartero -debug Listener -p 443 -W /tmp/qa/qa -s --sslcert /root/Cartero/bin/new.cer -K new.cert.key
WebServer on SSL mode needs a cert path [ --sslcert ].
/root/Cartero/lib/cartero/commands/listener.rb:182:in `setup'
/root/Cartero/lib/cartero/command.rb:81:in `block in method_added'
/root/Cartero/lib/cartero/cli.rb:190:in `block in run'
/root/Cartero/lib/cartero/cli.rb:184:in `each'
/root/Cartero/lib/cartero/cli.rb:184:in `run'
./cartero:52:in
OK, now we are talking! :-) Let me figure out what is going on here. I haven't used this option a lot, since a good way to handle this as well is to use Apache and/or my favorite option, which is the Cloudflare SSL service, to get valid HTTPS certs that are free.
I made the certs with openssl.
@thyrymn Do you mind sharing exactly what you did w/ openssl, so I can replicate your issue ?
Problem fixed. Updating changes.
@thyrymn can you check fixes ?
I found some interesting code on the net, I changed it and I used this code to create the Certs to test the app and it works now. I am going to add the script to Cartero, so it is easy to test SSL things in the future.
require 'rubygems'
require 'openssl'

# Generate a 2048-bit RSA key pair for a throwaway test certificate.
key = OpenSSL::PKey::RSA.new(2048)
public_key = key.public_key

puts "[*] - Generating Private key (/tmp/private.key)"
# The key is written unencrypted (no passphrase), so restrict it to the owner.
File.open("/tmp/private.key", "w", 0o600) { |x| x << key.to_pem }

# Self-signed: subject and issuer are the same name.
subject = "/C=US/O=Cartero/OU=Cartero/CN=Cartero"
cert = OpenSSL::X509::Certificate.new
cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
cert.not_before = Time.now
cert.not_after = Time.now + 365 * 24 * 60 * 60 # valid for one year
cert.public_key = public_key
cert.serial = 0x0
cert.version = 2 # X.509 v3

ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = cert
ef.issuer_certificate = cert
cert.extensions = [
  ef.create_extension("basicConstraints", "CA:TRUE", true),
  ef.create_extension("subjectKeyIdentifier", "hash"),
  # ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
]
# Added after the list above because it is derived from the
# subjectKeyIdentifier already present on the issuer (this same cert).
cert.add_extension ef.create_extension("authorityKeyIdentifier",
                                       "keyid:always,issuer:always")
cert.sign key, OpenSSL::Digest::SHA256.new

puts "[*] - Generating Certificate (/tmp/cert.pem)"
File.open("/tmp/cert.pem", "w") { |x| x << cert.to_pem }
It loads with my certs now, something else is wrong, not sure if it is me or Cartero now. Working....
Let me know, because I was able to get it running and it worked on Chrome + Safari. Clearly it complained about the self-signed cert, but it worked.
I used the code above. When loading the cert, Cartero wants a PEM passphrase. It seems lame, but I can't figure out what the passphrase is from the code:
vkey.pem Puma starting in single mode...
The Ruby code above to create keys does NOT create a passphrase. So it should not ask for a Private key. Can you try w/ that code? It stores keys in /tmp/private.key and /tmp/cert.pem. The key it is asking for is for your private key. If you set up your private key with a passphrase, it will obviously ask for it. :+1:
got it. pathing problems between cartero installs. Cleaned them all up now so I only have one.
Either I'm not understanding the help file or I can't get past the --sslcert routine in the Listener:
~/Cartero/bin# ./cartero -debug Listener -p 80 -W /tmp/qa/qa -s --sslcert /root/Cartero/bin/ -K new.cert.key
WebServer on SSL mode needs a cert path [ --sslcert ].
/root/Cartero/lib/cartero/commands/listener.rb:182:in `setup'
/root/Cartero/lib/cartero/command.rb:81:in `block in method_added'
/root/Cartero/lib/cartero/cli.rb:190:in `block in run'
/root/Cartero/lib/cartero/cli.rb:184:in `each'
/root/Cartero/lib/cartero/cli.rb:184:in `run'
./cartero:52:in
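An added example, not part of the thread and not Cartero code: a preflight check for a cert/key pair before it is handed to a TLS listener, covering the two situations seen above (an --sslcert value that is a directory rather than a file, and a key that makes the server prompt for a PEM passphrase). The names tls_preflight and build_samples and all sample data are hypothetical and constructed for this example.

```ruby
require 'openssl'
require 'tmpdir'

# Returns a list of problems with a cert/key pair; an empty list means usable.
def tls_preflight(cert_path, key_path, now = Time.now)
  problems = []
  { "certificate" => cert_path, "private key" => key_path }.each do |label, path|
    problems << "#{label} path is not a regular file: #{path}" unless File.file?(path)
  end
  return problems unless problems.empty?
  key_pem = File.read(key_path)
  # Traditional PEM marks encryption with a Proc-Type header, PKCS#8 with its BEGIN line.
  # Checking the text first avoids OpenSSL's interactive passphrase prompt.
  if key_pem.match?(/^Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY/)
    return problems << "private key is passphrase-protected; the server will prompt for it"
  end
  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  key = OpenSSL::PKey.read(key_pem)
  problems << "certificate and private key do not match" unless cert.check_private_key(key)
  unless (cert.not_before..cert.not_after).cover?(now)
    problems << "certificate is outside its validity window"
  end
  if (File.stat(key_path).mode & 0o077) != 0
    problems << "private key is readable by group/other"
  end
  problems
rescue OpenSSL::OpenSSLError => e
  problems << "could not parse PEM: #{e.message}"
end

# Constructed sample data: a self-signed cert with matching, encrypted and unrelated keys.
def build_samples(dir)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=preflight.example")
  cert.version, cert.serial = 2, 1
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.public_key = key.public_key
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  enc = key.to_pem(OpenSSL::Cipher.new("aes-256-cbc"), "constructed-passphrase")
  { "cert.pem" => cert.to_pem, "ok.key" => key.to_pem, "enc.key" => enc,
    "other.key" => OpenSSL::PKey::RSA.new(2048).to_pem }.each do |name, pem|
    File.write(File.join(dir, name), pem, perm: 0o600)
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |d|
    build_samples(d)
    %w[ok.key enc.key other.key].each { |k| p k => tls_preflight("#{d}/cert.pem", "#{d}/#{k}") }
  end
end
```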