View Single Post
Btw, if you end up doing this, the first time you restart WEBrick you're likely to get an error the next time you hit the site that says the certificate it's presenting uses the same serial number as another certificate from the same authority. This is due to a bug in WEBrick -- certificate serial numbers are meant to be a unique positive number, but WEBrick's ssl.rb has the following line:

cert.serial = 0

This means every time it runs, it creates a new certificate (this is fine given that you're not giving it a real certificate to use) -- but it generates the new certificate with the same serial number every time, and a solid SSL implementation will declare the new certificate invalid at the client side (Firefox definitely does this).

The solution is to patch WEBrick, so you have to go and find it's ssl.rb -- on my system it's in /opt/local/lib/ruby/1.8/webrick, but it's likely to be elsewhere for most people. For me that line is 54, but it should be easy to find regardless. You can change it to this:

cert.serial =

That means it will get a new serial number every time you restart the server, provided you don't restart extremely rapidly. ;)