ActionMailer and a self-signed SSL Cert - ruby-on-rails

I have an application (an installation of Discourse) that I'm trying to deploy. However, the email server that it is pointed at has a self-signed ssl cert for SMTP.
Is there a workaround for this? Or do I need to find a way to send mail using a "valid" SSL cert?

Few things actually care that deeply about a proper cert for SMTP. Mostly user agents.
If the cert is a problem you won't get timeouts, you'll get validation errors. I suspect what's happening is that you're trying to connect over the SMTPS port which isn't listening or exposed by the firewall.
Try using SMTP+STARTTLS. That negotiates TLS over port 25 or 587 instead of trying to connect directly to 465.

Related

https SSL for IP address?

I have HTTP requests in my iOS app to a simple NODE.js app on my server. Since iOS has App Transport Security, I wondered how I could simply add a self-signed SSL certification to my IP address then I wouldn't have to worry about bypassing ATS. It would just look like
https://192.0.2.12/API
Is there a simple way to do it on an Ubuntu server?

Using data flow with https on cloud foundry

I am trying to deploy a data flow server on Cloud foundry and create a simple app.
Only https end point could be exposed. I cannot enable https using this :
http://docs.spring.io/spring-cloud-dataflow/docs/current-SNAPSHOT/reference/htmlsingle/#configuration-security-enabling-https
As ssl is managed by cf. How do I make data flow server using https?
I have this error:
dataflow:>app list
Command failed org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://dataflow-server.run.aws-usw02-pr.ice.predix.io/apps": Connect to dataflow-server.run.aws-usw02-pr.ice.predix.io:80 [dataflow-server.run.aws-usw02-pr.ice.predix.io/54.201.89.124, dataflow-server.run.aws-usw02-pr.ice.predix.io/52.88.128.224] failed: Connection refused (Connection refused); nested exception is org.apache.http.conn.HttpHostConnectException: Connect to dataflow-server.run.aws-usw02-pr.ice.predix.io:80 [dataflow-server.run.aws-usw02-pr.ice.predix.io/54.201.89.124, dataflow-server.run.aws-usw02-pr.ice.predix.io/52.88.128.224] failed: Connection refused (Connection refused)
Thanks in advance.
Best Regards
as you already mentioned, you can not enable https at the container level inside cloudfoundry today. The traffic between the router and diego cell is not encrypted (unless you are using IPSEC).
So your dataflow server would not be configured with https, just deploy the server as it is. You should rely on your cloudfoundry install to have an open port at 443 on it's loadbalancer that forwards traffic to the router. Later CF incarnations support certificate placement at the router level.
Now, at the client (dataflow-shell) if you are using a valid certificate you don't need to do anything, but if you have a selfsigned certificate, you need to tell it to accept self-signed certificates, or skip validation all together.

Rails Heroku Cloudflare SSL and websockets

I have set up my Rails app on Heroku and used the information in the post: Heroku + Cloudflare completely free SSL to get SSL working for free, but my websockets connection does not work. I get the error WebSocket connection to 'wss://www.myapp.com/websocket' failed: Error during WebSocket handshake: Unexpected response code: 200. I understand that this is due to Cloudflare not supporting websockets in their free plans and they suggest setting up a subdomain that does not pass through Cloudflare. The problem of course is that the subdomain cannot then use the 'free' SSL setup.
Is there anyway I can get this to work, or do I have to shell out for either SSL support on Heroku or Websocket support on Cloudflare?
I know this is an old thread.
But now cloudflare supports websocket for free plan as well. It just restricts the ports which can be used.
I recently encountered this situation and could implement the websockets through cloudflare.
Can refer my approach here
May help someone.

Use a trusted CA signed certifiicate on a local rails server

This might sound a little stupid, but I am trying to test out IOS device enrollment and I want to use a trusted CA(eg Verisign,Comodo) signed certificate to add to my localhost rails webrick server. I do not want to add a self signed certificate because I need to test a very particular scenario. Is there a way to do this? I know domain controller validation will fail if I try to create the CA signed certificate on a website like Comodo and I cant use a certificate I already have for my production server since its bound to that domain. Is there a way to workaround this and create a production level SSL certificate and use it for development server?
You can use your existing production certificates for your local setup, and use a local DNS server (such as BIND) to resolve the domain name to your local ip address instead of your production servers ip address.
Update:
Install BIND (or whatever DNS server software you like) on some computer on your network, let us say 192.168.100.10.
Add www.myprodserver.com to resolve to 192.168.100.100.
Now on your local machine (assume its a MacBook), go to your network settings and add 192.168.100.10 as the only DNS server.
Now run ping www.myprodserver.com and make sure it is resolving to 192.168.100.100.
This is almost equivalent (but not exactly) to using /etc/hosts file to resolve domain names to ip addresses .
(all ip addresses and domain names used above are just for example)
Also, I think you will need something better than WEBRick to handle SSL certificates. You can use nginx to offload SSL and proxy to WEBRick

SSL connection error in production mode rails 3.2.3 thin server

I have
config.force_ssl = true
in my environment/production.rb file so as to make every request sequre with ssl and https.
I came to know that SSL can't be enabled in development mode. So, I started my thin web server in production mode and when I went to
https://127.0.0.1:3000
it's the same as the development mode(SSL connection error). Tried almost all the links of first 6 pages fetched by google. Anybody have solution to my problem??
P.S. I'm working on windows and I have client authentication certificate.
The problem you described is related to using a self-signed certificate.
SSL certificates relies on a chain of trust, where the root CA's (Certification Authority) are at the top.
To understand more how it works, the Wikipedia entry on SSL provide a good insight. For Self-Signed certificates there's also an entry at Wikipedia.
To solve you issue you can have a self-signed certificate (be aware of the security issues), but your users will be always prompted for an action.
Another option is to apply for a certificate on CertCA since some Linux distributions have them on root CA's.
The last and most reliable option is to acquire a certificate.

Resources