RightAWS and SSL Certificates

If you’ve used the RightAWS tools to talk to Amazon Web Services, you’ve probably seen this warning before:

warning: peer certificate won't be verified in this SSL session

No one likes warnings cluttering up their output, and this one indicates a very real security problem: no verification is being done to check that the server really is a legitimate Amazon host. Unfortunately, the warning doesn’t give you a lot of clues about how to go about addressing the issue.

Here’s what you need to do. First, you’ll need a certificate file. If you’re running Ubuntu, you can install the “ca-certificates” package (on my system it was already installed). Once it’s installed you should have a master certificate file at /etc/ssl/certs/ca-certificates.crt. Now you just need to tell RightAWS about the file:

require 'right_http_connection'
Rightscale::HttpConnection.params[:ca_file] = "/etc/ssl/certs/ca-certificates.crt"

…and you should get no more warnings.

I’ve submitted a patch to the right_http_connection gem which, if accepted, will use this file by default if it exists. It will also enable users to override the CA file configuration using the RIGHT_HTTP_CA_FILE environment variable.

9 comments

  1. I've heard that theSSLstore.com is running a special on VeriSign Secure Site Pro with EV for only $899. I’ve just received an email from them.

    They are not publishing this offer on their site, so, use promo code VSSPEV02 to redeem. that's why I wanted to share it with you…!!!

    The link to redeem is http://www.thesslstore.com/VSSPEV/
    Hope this helps you…!!!

Leave a Reply to Karl Cancel reply

Your email address will not be published. Required fields are marked *