SSL End To End Example

Karol Bucek edited this page Apr 15, 2014 · 2 revisions

The following example details a way to create an SSL certificate and configure Trinidad for an intranet environment. It can easily be modified to fit a public-facing scenario.


  • using Trinidad for SSL with no front-end web-server
  • using your own Certificate Authority (CA)
  • tools like openssl are available


  • create a Private Key
  • prepare the Private Key
  • create Certificate Signing Request (CSR)
  • get CSR Signed
  • create a PKCS12 Keystore
  • configure Trinidad


  • create a private key named server.key
  • openssl genrsa -des3 -out server.key 1024
  • for convenience you may want to remove the passphrase from server.key
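  • cp server.key server.key.orig (keeps the passphrase-protected key under a backup name of your choice)
  • openssl rsa -in server.key.orig -out server.key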
  • create the certificate signing request (CSR) named server.csr
  • openssl req -new -key server.key -out server.csr
  • you will be asked a series of questions; the most important is to set the fully qualified domain name (FQDN) of your app in the "Common Name" / "First Last Name" field i.e.
  • signing the CSR
  • at this point you will need to have your Certificate Authority (CA) sign the CSR. If you do not already have a CA, you may consider having a 3rd party CA that is already installed in your users' browsers do this for you. The point of a CA signing the CSR is to enable your users' browsers to automatically trust your certificate. If your certificate is not trusted, your users' browsers will display warnings and possibly errors.
  • you should receive back a certificate named something like cert.cer
  • you will also need to obtain the CA's public certificate, named something like ca.cer (this should be available from your CA, or can easily be exported from your browser)
  • create a PKCS12 key-store (in a file named keys.p12) for Trinidad
  • there are multiple key-store formats supported, one of which is PKCS12 (default is JKS):

openssl pkcs12 -export -in cert.cer -inkey server.key -out keys.p12 -name tomcat -CAfile ca.cer -caname root -chain

  • configure Trinidad using the key-store we have
  • you will need to set up a configuration file for Trinidad, e.g. trinidad.yml:
  port: 3000
  ssl:
    port: 8443
    keystoreFile: keys.p12
    keystorePass: password
    keystoreType: pkcs12
  • start up your application the usual way: jruby -S trinidad --config trinidad.yml
  • you will likely need to add logic to your application to support automatically redirecting from SSL to non-SSL pages
  • your SSL enabled application should be available at
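
The steps above as one non-interactive script, followed by a check of the resulting keys.p12 before it is handed to Trinidad. This is an added example, not part of the original page or the Trinidad project; the self-signed demo CA, the name app.intranet.example, the 2048-bit key size and the function names build_keystore and verify_keystore are assumptions.

```shell
#!/bin/sh
# Added example. Constructed values: the throwaway CA, app.intranet.example, "password".

# The page's steps, with a self-signed demo CA standing in for your real CA.
build_keystore() {  # $1 = work dir, $2 = FQDN used as Common Name
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Intranet CA" \
    -keyout "$d/ca.key" -out "$d/ca.cer" 2>/dev/null || return 1
  # Unencrypted 2048-bit key (assumption: the page uses 1024, too short today).
  openssl genrsa -out "$d/server.key" 2048 2>/dev/null || return 1
  openssl req -new -key "$d/server.key" -subj "/CN=$2" -out "$d/server.csr" || return 1
  # "get CSR signed": what the CA does with server.csr, returning cert.cer.
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.cer" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/cert.cer" 2>/dev/null || return 1
  # The page's PKCS12 command; -passout avoids the interactive prompt.
  openssl pkcs12 -export -in "$d/cert.cer" -inkey "$d/server.key" -out "$d/keys.p12" \
    -name tomcat -CAfile "$d/ca.cer" -caname root -chain -passout "pass:password"
}

# Returns 0 only if the keystore opens, key and certificate match,
# the certificate chains to the CA, and its CN is the expected FQDN.
verify_keystore() {  # $1 = keystore, $2 = password, $3 = CA cert, $4 = FQDN
  t=$(mktemp -d) || return 1
  rc=1
  if openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys \
       -out "$t/leaf.pem" 2>/dev/null &&
     openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
       -out "$t/key.pem" 2>/dev/null; then
    cert_pub=$(openssl x509 -in "$t/leaf.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$t/key.pem" -pubout)
    # Assumes CN is the first RDN in RFC 2253 order.
    cn=$(openssl x509 -in "$t/leaf.pem" -noout -subject -nameopt RFC2253 |
         sed -n 's/^subject= *CN=\([^,]*\).*/\1/p')
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] &&
       openssl verify -CAfile "$3" "$t/leaf.pem" >/dev/null 2>&1 &&
       [ "$cn" = "$4" ]; then
      rc=0
    fi
  fi
  rm -rf "$t"
  return $rc
}

# Demo run in a scratch directory.
work=$(mktemp -d) && build_keystore "$work" app.intranet.example &&
  verify_keystore "$work/keys.p12" password "$work/ca.cer" app.intranet.example &&
  echo "keystore OK: $work/keys.p12"
```

For a real deployment, skip the demo CA lines and run verify_keystore against the cert.cer and ca.cer your CA returned; passing the password as pass:... exposes it in the process list, so prefer openssl's file: or env: password sources on shared hosts.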

Additional resources that may turn out to be helpful :