Comments on: How to Add Some Security with a Self-Signed SSL Certificate to Your Rails App Served by Nginx http://shapingclouds.com/2010/01/02/how-to-add-some-security-with-a-self-signed-ssl-certificate-to-your-rails-app-running-on-nginx/ A blog on developing, deploying and maintaining web applications at Firmhouse Sat, 31 Jul 2010 17:32:59 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: How to: Self-Signed SSL Certificate in Your Rails App Served by … http://shapingclouds.com/2010/01/02/how-to-add-some-security-with-a-self-signed-ssl-certificate-to-your-rails-app-running-on-nginx/comment-page-1/#comment-149 How to: Self-Signed SSL Certificate in Your Rails App Served by … Sat, 16 Jan 2010 04:45:29 +0000 http://shapingclouds.com/?p=399#comment-149 [...] How to: Self-Signed SSL Certificate in your Rails App Served by &#8230... [...] [...] How to: Self-Signed SSL Certificate in your Rails App Served by &#8230… [...]

]]> By: Michiel http://shapingclouds.com/2010/01/02/how-to-add-some-security-with-a-self-signed-ssl-certificate-to-your-rails-app-running-on-nginx/comment-page-1/#comment-144 Michiel Mon, 04 Jan 2010 13:20:15 +0000 http://shapingclouds.com/?p=399#comment-144 Hi Mohamed1. That's great news. I'm happy I could help. If you have any other questions about using SSL with Rails or nginx. Please let me know. Hi Mohamed1. That’s great news. I’m happy I could help. If you have any other questions about using SSL with Rails or nginx. Please let me know.

]]> By: Mohamed1 http://shapingclouds.com/2010/01/02/how-to-add-some-security-with-a-self-signed-ssl-certificate-to-your-rails-app-running-on-nginx/comment-page-1/#comment-143 Mohamed1 Mon, 04 Jan 2010 12:26:32 +0000 http://shapingclouds.com/?p=399#comment-143 I had the same issue at http://onexenvps.com but I figured out it with your tutorial THANKS! I had the same issue at http://onexenvps.com but I figured out it with your tutorial THANKS!

]]> By: Michiel http://shapingclouds.com/2010/01/02/how-to-add-some-security-with-a-self-signed-ssl-certificate-to-your-rails-app-running-on-nginx/comment-page-1/#comment-140 Michiel Sun, 03 Jan 2010 01:28:26 +0000 http://shapingclouds.com/?p=399#comment-140 @taf2 (second comment): Agreed, maybe I will write up an article with the same content after I have tested with better demoable alternatives for signed certificates. And: much thanks for your comments. I rather have smart critical ones than none at all :) If you have any tips or other suggestions, please drop a line! @taf2 (second comment): Agreed, maybe I will write up an article with the same content after I have tested with better demoable alternatives for signed certificates.

And: much thanks for your comments. I rather have smart critical ones than none at all :) If you have any tips or other suggestions, please drop a line!

]]> By: Michiel http://shapingclouds.com/2010/01/02/how-to-add-some-security-with-a-self-signed-ssl-certificate-to-your-rails-app-running-on-nginx/comment-page-1/#comment-139 Michiel Sun, 03 Jan 2010 01:26:28 +0000 http://shapingclouds.com/?p=399#comment-139 Hi taf2. I totally agree with you on that point. Self-signing your application is not the right move on production environment. If you want a trustworthy web app in terms of security you need to have a signed certificate by a CA. However, when you want do demo your app and have sensitive information on it it is at least somewhat better to have a self-signed SSL encrypted connection to prevent network sniffers and the like which can be active both on the client's side as on the server side. Getting a signed certificate by a CA can take some time and I haven't had any success with the free alternatives yet. So, if you want to have your information-sensitive demo up and running as quickly as possible adding a self-signed certificate is better than just leaving it open. Hi taf2. I totally agree with you on that point. Self-signing your application is not the right move on production environment. If you want a trustworthy web app in terms of security you need to have a signed certificate by a CA.

However, when you want do demo your app and have sensitive information on it it is at least somewhat better to have a self-signed SSL encrypted connection to prevent network sniffers and the like which can be active both on the client’s side as on the server side. Getting a signed certificate by a CA can take some time and I haven’t had any success with the free alternatives yet.

So, if you want to have your information-sensitive demo up and running as quickly as possible adding a self-signed certificate is better than just leaving it open.

]]> By: taf2 http://shapingclouds.com/2010/01/02/how-to-add-some-security-with-a-self-signed-ssl-certificate-to-your-rails-app-running-on-nginx/comment-page-1/#comment-138 taf2 Sun, 03 Jan 2010 01:25:28 +0000 http://shapingclouds.com/?p=399#comment-138 Great article well written and the examples should be very helpful to anyone setting up a secure site. I just wanted to make sure people understand they're really no safer with a self signed cert then without... and although it sucks - a few hundred bucks for a demo that warrants production data isn't that bad right? Great article well written and the examples should be very helpful to anyone setting up a secure site. I just wanted to make sure people understand they’re really no safer with a self signed cert then without… and although it sucks – a few hundred bucks for a demo that warrants production data isn’t that bad right?

]]> By: taf2 http://shapingclouds.com/2010/01/02/how-to-add-some-security-with-a-self-signed-ssl-certificate-to-your-rails-app-running-on-nginx/comment-page-1/#comment-137 taf2 Sun, 03 Jan 2010 01:20:49 +0000 http://shapingclouds.com/?p=399#comment-137 Hey... self signed certs really just mean the data line is encrypted... but you still can't trust the server you're sending your sensitive information to. Trusting the remote server means do you trust the communication channel between you and the server. If you can't trust the communication channel between you and your server.... then you can't trust you're talking to the same server... so why encrypt? Hey… self signed certs really just mean the data line is encrypted… but you still can’t trust the server you’re sending your sensitive information to. Trusting the remote server means do you trust the communication channel between you and the server. If you can’t trust the communication channel between you and your server…. then you can’t trust you’re talking to the same server… so why encrypt?

]]> By: Tweets that mention How to add some security with a self-signed SSL certificate to your Rails app running on Nginx — Shaping Clouds -- Topsy.com http://shapingclouds.com/2010/01/02/how-to-add-some-security-with-a-self-signed-ssl-certificate-to-your-rails-app-running-on-nginx/comment-page-1/#comment-135 Tweets that mention How to add some security with a self-signed SSL certificate to your Rails app running on Nginx — Shaping Clouds -- Topsy.com Sat, 02 Jan 2010 20:59:58 +0000 http://shapingclouds.com/?p=399#comment-135 [...] This post was mentioned on Twitter by Michiel Sikkes, Shaping Clouds. Shaping Clouds said: New blog post: How to add some security with a self-signed SSL certificate to your Rails app running on... http://bit.ly/6ITOyg by @michiels [...] [...] This post was mentioned on Twitter by Michiel Sikkes, Shaping Clouds. Shaping Clouds said: New blog post: How to add some security with a self-signed SSL certificate to your Rails app running on… http://bit.ly/6ITOyg by @michiels [...]

]]>