If you’ve used the RightAWS tools to talk to Amazon Web Services, you’ve probably seen this warning before:
warning: peer certificate won't be verified in this SSL session
No one likes warnings cluttering up their output, and this one indicates a very real security problem: no verification is being done to check that the server really is a legitimate Amazon host. Unfortunately, the warning doesn’t give you a lot of clues about how to go about addressing the issue.
Here’s what you need to do. First, you’ll need a certificate file. If you’re running Ubuntu, you can install the “ca-certificates” package (on my system it was already installed). Once it’s installed you should have a master certificate file at /etc/ssl/certs/ca-certificates.crt. Now you just need to tell RightAWS about the file:
require 'right_http_connection' Rightscale::HttpConnection.params[:ca_file] = "/etc/ssl/certs/ca-certificates.crt"
…and you should get no more warnings.
I’ve submitted a patch to the right_http_connection gem which, if accepted, will use this file by default if it exists. It will also enable users to override the CA file configuration using the
RIGHT_HTTP_CA_FILE environment variable.