Setting Up SSL
Getting a certificate
The first step is to get your SSL certificate. There are tons of places you could get one from: Rapid SSL, Verisign and Go Daddy, just to name a few. Many places will even give you a free certificate to try before you buy. If you’re using the application internally only or just don’t care about warnings from the browser, you can even generate your own.
Use the certificate provider’s instructions for Apache 2. NOTE: when generating a key for a Certificate Signing Request, ensure you don’t add a passphrase to the key; Apache would otherwise prompt for it every time it starts. If prompted for one, press enter for a blank passphrase.
Copy the certificate to your server
scp *.crt deploy@yourdomain.railsmachina.com:~/
SSH to your Server
ssh deploy@yourdomain.railsmachina.com
Install mod_ssl
sudo yum install mod_ssl
Create needed directories
sudo mkdir -p /etc/httpd/conf/ssl.crt/
sudo mkdir -p /etc/httpd/conf/ssl.key/
Move the certificates and keys to the newly created directories
sudo mv *.crt /etc/httpd/conf/ssl.crt/
sudo mv *.key /etc/httpd/conf/ssl.key/
Back up your existing Apache VHost Config
sudo mv /etc/httpd/conf/apps/your_app.conf /etc/httpd/conf/apps/your_app.conf.orig
Obtain our Apache vhost template
wget http://assets.railsmachine.com/wiki/ssl_vhost.conf
sudo mv ssl_vhost.conf /etc/httpd/conf/apps/your_app.conf
Customize the Apache VHost Template
NOTE: This config template handles both SSL and non-SSL for the same Rails application. Note that this binds your IP address to this virtual host. If you have other applications on the server you will need to request an additional IP address.
sudo vim /etc/httpd/conf/apps/your_app.conf
- Substitute your IP address, domain name and application name where needed.
- Make sure you have the correct number of balancer members: one for each mongrel (2 by default).
- Verify the paths to your server certificate and server private key are correct.
- Ensure any customizations you may have made to /etc/httpd/conf/apps/your_app.conf.orig are copied over to /etc/httpd/conf/apps/your_app.conf
- If your SSL certificate came with an ‘Intermediate Certificate’, move that file to /etc/httpd/conf/ssl.crt/ and add the following lines below the SSLCertificateFile line:
# Intermediate Certificate
SSLCACertificateFile /etc/httpd/conf/ssl.crt/DigiCertCA.crt
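The checklist above can be run as a script before restarting Apache. This is an added example, not part of the Rails Machine template or tooling: the names check_ssl_vhost and directive_args are made up here, and it assumes the template lists its mongrels with mod_proxy_balancer's BalancerMember directive. It also flags a private key that group or other users can read, since the key has no passphrase.

```shell
#!/bin/sh
# Added example: sanity-check the SSL vhost file before restarting httpd.
# Run with sudo so the root-owned key can be read, e.g.
#   sudo sh check_ssl_vhost.sh /etc/httpd/conf/apps/your_app.conf 2

# Print the distinct first argument of every use of a directive in a config file.
directive_args() {  # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2 }' "$2" | tr -d '"' | sort -u
}

check_ssl_vhost() {  # $1 = vhost file, $2 = expected mongrel count (default 2)
    conf=$1; want=${2:-2}; rc=0

    # The certificate and key directives must be present.
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        [ -n "$(directive_args "$d" "$conf")" ] || { echo "FAIL: no $d in $conf"; rc=1; }
    done

    # Every certificate, key and intermediate path named in the file must exist.
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCACertificateFile; do
        for p in $(directive_args "$d" "$conf"); do
            [ -r "$p" ] || { echo "FAIL: $d points at unreadable $p"; rc=1; }
        done
    done

    # The key has no passphrase, so file permissions are its only protection:
    # flag any read bit for group or other (columns 5-10 of the ls mode string).
    for k in $(directive_args SSLCertificateKeyFile "$conf"); do
        [ -e "$k" ] || continue
        case $(ls -lLd "$k" | cut -c5-10) in
            *r*) echo "FAIL: $k is readable by group/other; chmod 600 it"; rc=1 ;;
        esac
    done

    # One distinct BalancerMember URL per mongrel (assumes the template uses
    # mod_proxy_balancer's BalancerMember directive).
    n=$(( $(directive_args BalancerMember "$conf" | wc -l) ))
    [ "$n" -eq "$want" ] || { echo "FAIL: $n balancer members, expected $want"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

if [ $# -gt 0 ]; then check_ssl_vhost "$@"; fi
```

Paths containing spaces are not handled. A clean result does not replace Apache's own syntax check, it only covers the items in the list above.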
Restart Apache
sudo /sbin/service httpd restart
If httpd fails to restart, please submit a support request with the error that you received, your domain name (yourdomain.railsmachina.com) and your deploy user’s password and we’ll help you debug the error.
