I'm trying to enable rails SSL on one specific path. The rest of the website should render in http.
Also this connection is made between the rails server and an android device. The android device should send his information in SSL with a own created certificate.
Is this possible in Rails or not?
You should try ssl_requirement gem. It enables specific actions to run under SSL.
Related
I have a Heroku app and am using a custom subdomain to point to it. Let's say my subdomain is blog.mysite.com.
When I navigate to the site, chrome throws the error: ERR_SSL_PROTOCOL_ERROR. In the address bar, it automatically reroutes to https://blog.mysite.com. Is this the issue? Why is it not just http://blog.mysite.com?
My domain is through bluehost if that matters.
If you are running a free dyno, you will not get TLS support on your custom subdomain. Upgrade it to at least the "Hobby" tier and it will provision a free certificate to match your custom subdomain.
As for why it automatically reroutes, that's something happening within your application or custom process configuration. Heroku doesn't automatically re-route from http to https.
For me, I'd neglected to set up Automated Certificate Management in Heroku. Enabling this fixed the problem.
I am developing rails 4 project with some API,
And I need to configure two-way SSL authentication for these API requests.
I know that two-way SSL means that:
client and server have certificates
server check client's sertificate
client check server's sertificate
if everything is OK client send a request
if everything is OK server send a response
But how it can be implement in rails?
And how can it be implemented only for rails API (requests with /api/.. prefix etc.)?
Or I am not right and it should be implemented on Nginx layer....?
Does any ruby gems for two-way SSL authentication exists?
with easy to understand documentation :)
This problem should not be solved on application layer.
Please, find example of nginx settings in the answer of this question.
I would ideally want it to work on my the server on my laptop, as well as the website I deploy to. The reason being so I can send push notifications to the iOS app.
The certificate depends on the web server, correct? So what kind of webserver is meteor?
I'm getting the above mention error when my client update their device to iOS 7.1, and then try to update our app from the AppCenter.
After some searching, i found a post with a similar problem here. But then since i'm in an environment where by the client is using AppCenter to update the apps, i can't be using USB to plugin and install the app for them.
Is there any workaround for downloads via AppCenter until a support is released?
A change was introduced to iOS as of iOS 7.1 that requires OTA application installation to take place over HTTPS (rather than HTTP), and no provision exists to allow the user to continue to accept the old behavior (i.e., to permit application installation over HTTP). It is my understanding that this was done as a security enhancement.
In order to do application installations on iOS 7.1 from Application Center, you would need to configure your Application Center to use HTTPS rather than HTTP, using a certificate that will be accepted as valid by your iOS device - that is, either issued by a recognized public CA, or issued by a private CA that you have set up your mobile devices to accept. You can find more information about how to perform this configuration here:
http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/topic/com.ibm.worklight.installconfig.doc/appcenter/c_ac_ssl_config.html
I would add some details. (Just work out this question)
We use self developed app center for our customers, to distribute demo/report apps.
You need SSL certificate. (see the post above)
You can buy any kind of public certificate . In some cases you can use self signed certificate previously installed on iOS device by Apple Configurator.
It seems that you don’t have to use https everywhere. Secure URL (https) must have a link to .plist only. The app center web site url and package .ipa url can still be under http.
… and shame on Apple that invents new ways to make developer life hard.
I have a Ruby on Rails app running on Heroku server. As I'm testing the app with SSL certificate, I added a non-paid one like this tutorial explains, and forced the server app to use SSL with RackSSL gem.
So, I also have an Android client and I have some doubts:
How do I verify if the client request is using the same certificate?
How do I force SSL only on specific Rails routes?
Thanks in advance!
Ad. 1, do as suggested in the guide: Visit the endpoint and look at the certificate that gets served up (it should be the one you added). Note that the certificate is not different depending on the client accessing Heroku, it's something that Heroku serves up to clients accessing the endpoint so you can verify this using either a normal desktop browser or your smartphone.
Ad. 2, check out this answer which suggests rack-ssl-enforcer.