Rails 3.2, activeresource and certificate authentication

Question

I'm writing to ask for an example of use of the active resource with certificate authentication.

The documentation found on http://apidock.com/rails/ActiveResource/Base does not provide examples.

I have two rails application that need to communicate: APP1 (https://app1.mauroapplications.com), APP2 (https://app2.mauroapplications.com)

I generated public/private keys for each application (RSA). APP2 has the public key of APP1 (app1.pem) and viceversa.

In my development environment I have a self signed certificate for SSL.

How do I have to configure a Model extending ActiveResource in APP2?

Many thanks in advance,

Mauro

No, I switched to token protected APIs (http://railscasts.com/episodes/350-rest-api-versioning and http://railscasts.com/episodes/352-securing-an-api) — Mauro Nidola, Jul 24 '12 at 11:54

score 4 · Answer 1 · answered Jul 30 '12 at 08:08

The following code works:

class Person < ActiveResource::Base
  self.site = 'https://api.people.com:3000/'
  self.ssl_options = {
    cert: OpenSSL::X509::Certificate.new(File.open('cert.pem')),
    key: OpenSSL::PKey::RSA.new(File.open('key.pem')),
    ca_file: 'ca.cert.pem',
    verify_mode: OpenSSL::SSL::VERIFY_PEER
  }
end

Where cert.pem is your client certificate, key.pem your client's private key and ca.cert.pem the CA certificate (for validation of the server certificate).

Rails 3.2, activeresource and certificate authentication

1 Answers1