
The following example details a way to create an SSL certificate and configure Trinidad for an intranet environment. It can easily be modified to fit a public facing scenario.

Assumptions

  • using Trinidad for SSL with no front-end web-server
  • using your own Certificate Authority (CA)
  • tools like openssl are available

Outline

  • create a Private Key
  • prepare the Private Key
  • create Certificate Signing Request (CSR)
  • get CSR Signed
  • create a PKCS12 Keystore
  • configure Trinidad

Details

  • create a private key named server.key
    • openssl genrsa -des3 -out server.key 2048
  • for convenience you may want to remove the passphrase from server.key
    • cp server.key server.key.org
    • openssl rsa -in server.key.org -out server.key
  • create the certificate signing request (CSR) named server.csr
    • openssl req -new -key server.key -out server.csr
    • you will be asked a series of questions; the most important is to set the fully qualified domain name (FQDN) of your app in the "Common Name" / "First Last Name" field, e.g. www.mydomain.com
  • signing the CSR
    • at this point you will need to have your Certificate Authority (CA) sign the CSR. If you do not already have a CA, you may consider having a 3rd party CA that is already installed in your users' browsers do this for you. The point of a CA signing the CSR is to enable your users' browsers to automatically trust your certificate. If your certificate is not trusted, your users' browsers will display warnings and possibly errors.
    • you should receive back a certificate named something like cert.cer
    • you will also need to obtain the CA's public certificate, named something like ca.cer (this should be available from your CA, or can easily be exported from your browser)
  • create a PKCS12 key-store (in a file named keys.p12) for Trinidad
    • there are multiple key-store formats supported, one of which is PKCS12 (default is JKS):
    • openssl pkcs12 -export -in cert.cer -inkey server.key -out keys.p12 -name tomcat -CAfile ca.cer -caname root -chain

  • configure Trinidad using the key-store we have
    • you will need to set up a configuration file for Trinidad, e.g. trinidad.yml:
---
  port: 3000
  https:
    port: 8443
    keystoreFile: keys.p12
    keystorePass: password
    keystoreType: pkcs12
  • start up your application the usual way: jruby -S trinidad --config trinidad.yml
  • you will likely need to add logic to your application to support automatically redirecting from SSL to non-SSL pages
  • your SSL enabled application should be available at https://www.mydomain.com:8443
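
The steps above as one non-interactive run, followed by a check of the resulting key-store. This is an added example, not part of the original page or the Trinidad project; the function names are hypothetical, and a throwaway CA (constructed, subject "Example Intranet CA") stands in for your real CA. It assumes openssl is on the PATH.

```shell
#!/bin/sh
# Added example. The FQDN, alias "tomcat", caname "root" and the password
# "password" are the page's sample values; the CA subject is constructed.

# Build keys.p12 in directory $1 for FQDN $2 with key-store password $3.
make_keystore() (
    cd "$1" || exit 1
    # Throwaway CA for the demo (assumption). Normally you send server.csr
    # to your CA and receive cert.cer and ca.cer back.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.cer \
        -subj "/CN=Example Intranet CA" -days 30 2>/dev/null || exit 1
    # Private key without passphrase, then the CSR; -subj answers the prompts.
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    openssl req -new -key server.key -out server.csr -subj "/CN=$2" || exit 1
    # The CA signs the CSR, producing cert.cer.
    openssl x509 -req -in server.csr -CA ca.cer -CAkey ca.key \
        -CAcreateserial -out cert.cer -days 30 2>/dev/null || exit 1
    # Same export as on the page; the password is read from the environment
    # so it does not appear in the process list.
    KS_PASS="$3" openssl pkcs12 -export -in cert.cer -inkey server.key \
        -out keys.p12 -name tomcat -CAfile ca.cer -caname root -chain \
        -passout env:KS_PASS
)

# Check key-store $1 with password $2 for FQDN $3.
# Returns 0 = good, 1 = cannot open (wrong keystorePass or corrupt file),
# 2 = CA certificate missing from chain, 3 = alias missing, 4 = wrong subject.
check_keystore() {
    certs=$(KS_PASS="$2" openssl pkcs12 -in "$1" -nokeys \
        -passin env:KS_PASS 2>/dev/null) || return 1
    n=$(printf '%s\n' "$certs" | grep -c 'BEGIN CERTIFICATE')
    [ "$n" -eq 2 ] || return 2
    printf '%s\n' "$certs" | grep -q 'friendlyName: tomcat' || return 3
    KS_PASS="$2" openssl pkcs12 -in "$1" -nokeys -clcerts \
        -passin env:KS_PASS 2>/dev/null \
        | openssl x509 -noout -subject | grep -qF "$3" || return 4
}

# Demo run in a scratch directory.
work=$(mktemp -d) && make_keystore "$work" www.mydomain.com password \
    && check_keystore "$work/keys.p12" password www.mydomain.com \
    && echo "key-store verified: $work/keys.p12"
```

Running check_keystore against the real keys.p12 before starting Trinidad catches a keystorePass that does not match the export password or a key-store exported without the CA chain.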

Additional resources that may turn out to be helpful :
