
Verified HTTPS in Ruby

One of the last-minute changes I had to make on the sds-rest library was to change it from using HTTP to HTTPS. I thought this would be straightforward, but it turned out to be slightly tricky.

Thankfully I found this post that outlines the basics of setting up HTTPS in Ruby. Most people probably take the first method of not verifying the certificate, but that didn't seem like a very good thing to do.

For Ruby to validate the certificate, you have to provide a list of valid certificates. The above post provides a link to a comprehensive list of valid certificates, but besides being GPL licensed, the list is rather large. I only need to worry about the certificate for the SDS address, and it turns out this is pretty easy.

Navigate to the SSL address in Firefox (https://database.windows.net/ in my case) and go to Tools -> Page Info and click on View Certificate. Click on Details, then Export, and select X.509 Certificate with Chain (PEM). You can then reference this file from your code:

http.ca_file = File.join(File.dirname(__FILE__), "MSSA.pem")

Now, with verify_mode set to OpenSSL::SSL::VERIFY_PEER as in the connection code below, Ruby will ensure that the certificate presented by the server chains to one of the certificates in this file.

Here is my basic connection code:

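require 'net/http'
require 'openssl'

# get_url (the host name) and req (the request object) are defined elsewhere and not shown in this post
http = Net::HTTP.new(get_url, 443)
http.use_ssl = true
# Fail the handshake unless the server certificate validates against ca_file
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_file = File.join(File.dirname(__FILE__), "MSSA.pem")

# The block's value (the response) is returned by http.start
http.start { |conn|
  conn.request(req)
}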
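
What restricting trust to a single PEM file buys you, as an added example (not code from sds-rest or the original post): it builds two constructed CAs offline and checks leaf certificates against a PEM file through OpenSSL::X509::Store, the same kind of chain check that ca_file plus VERIFY_PEER asks OpenSSL to perform. The helper names, certificate names and temporary file are assumptions made for the illustration; hostname matching is not covered.

```ruby
require 'openssl'
require 'tempfile'

# Constructed test data: a throwaway certificate. With no issuer it is a self-signed CA.
def make_cert(cn, key, issuer_cert = nil, issuer_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless issuer_cert
    # OpenSSL only accepts an issuer that is marked as a CA
    ef = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Trust only the certificates in ca_file, then try to build a chain for cert.
# Returns [verified?, OpenSSL's reason string].
def trusted_by_ca_file?(ca_file, cert)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file)
  [store.verify(cert), store.error_string]
end

def demo
  pinned_key, other_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  pinned_ca = make_cert('Constructed Pinned CA', pinned_key)
  other_ca  = make_cert('Constructed Other CA', other_key)
  # Same subject name on both leaves; only the issuing CA differs.
  good_leaf = make_cert('service.example', leaf_key, pinned_ca, pinned_key)
  bad_leaf  = make_cert('service.example', leaf_key, other_ca, other_key)
  Tempfile.create(['pinned', '.pem']) do |f|
    f.write(pinned_ca.to_pem) # stands in for the exported MSSA.pem
    f.flush
    { good: trusted_by_ca_file?(f.path, good_leaf),
      bad:  trusted_by_ca_file?(f.path, bad_leaf) }
  end
end

demo.each { |name, (ok, why)| puts "#{name}: verified=#{ok} (#{why})" } if __FILE__ == $PROGRAM_NAME
```

A certificate issued by any CA outside the file is rejected even when its subject name is identical, which is also why the exported file has to be refreshed if the service moves to a different issuing chain.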

If you are interested in the sds-rest project you can check it out on GitHub.

-James

Published Monday, November 03, 2008 10:08 PM by Infozerk Inc.: averyBlog