bob's tech ramblings

where i ramble about technical things

Generating a SSL certificate with Capistrano

30th August 2009

Capistrano is useful for deploying ruby applications. It can also be used to help with configuration and setup of things related to the applications

Such as creating the ssl keys and certificates for the demo and staging sites. I've always used an openssl one liner to do this but I still needed to fill in the details for the certificate. Which is less that ideal if you want to automate the creation of the keys and certificates. So I dug around and found the right incantation to pass the certificate details to openssl. I then made this into a capistrano recipe.

namespace :sslcert do

  desc "create a self signed ssl cert"
  task :create, :roles => :web do
    sudo "openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/#{application}.key -out /etc/ssl/certs/#{application}.crt  -days 9999 -nodes -subj \"/C=GB/ST=England/L=London/O=#{application}/OU=IT/CN=#{servername}\""

As you can see the magic happens with the -subj option.

This recipe puts the ssl certificate and key in the default location for them on debian. You could of course change this and then not need to use sudo. In my actual work version I also make sure this recipe doesn't run on production deployments since they should be using real ssl certificates.

blog comments powered by Disqus