rails thin server cannot start - certificate too small

Question

After upgrading to Ubuntu 20, I can no longer run thin server in ssl mode:

thin start --ssl

Server starts fine but when I go to it I get:

140107127297856:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:
ruby /home/kevin/.rvm/gems/ruby-2.5.0/bin/thin start --ssl: ssl.cpp:203:   SslContext_t::SslContext_t(bool, const string&, const string&, const string&, const string&, const string&, int): Assertion `e > 0' failed.

I've tried modifying the /etc/ssl/openssl.cnf to add

DEFAULT@SECLEVEL=1

but no luck. Any ideas how to fix?

Thanks, Kevin

Answer 1

You need to generate certificates and then point to those certificates

The generated certificates(we'll get to this later ) can be saved anywhere but I'll choose to save it in a .ssl folder in the root of my project

Follow the following steps to generate the certificates

  $ openssl genrsa 2048 > host.key
  $ chmod 400 host.key
  $ openssl req -new -x509 -nodes -sha256 -days 365 -key host.key -out host.cert

the above commands will generate two files

• host.key
• host.cert

Then start your thin server by running the following command

thin start --ssl --ssl-key-file=.ssl/host.key --ssl-cert-file=.ssl/host.cert