> I haven't seen this mentioned anywhere before but there are a couple
> of issues with SSL support in the current release.

> 1. The paths and file names mentioned in the example deploy.rb and cap
> task descriptions are wrong.

> Your cert and key should be in:
> /etc/ec2onrails/ssl/certs/ec2onrails-default.crt (certificate)
> /etc/ec2onrails/ssl/private/ec2onrails-default.key (key)

> As with all server files, to have them deployed automatically they
> should be in your_app_root/server_config/etc/ec2onrails/ssl/...

> 2. If your signing authority requires you to use a chain cert (like
> GoDaddy) you must add it to the apache ssl configuration file on your
> server.

> I put the chain cert in:
> /etc/ec2onrails/ssl/certs/ec2onrails-chain.crt

> And added the following to /etc/apache2/sites-available/default-ssl
>  SSLCertificateChainFile    /etc/ec2onrails/ssl/cert/ec2onrails-
> chain.crt

> I have submitted a patch to automate this process (and fix previous
> issue) so hopefully this will be in the next release.

> 3. (This is not ec2onrails specific but something that gets SSL
> newbies every time!) Make sure your private key file doesn't have a
> passphrase on it.

> If it does, Apache will hang at startup, waiting for you to enter your
> passphrase.

> When you generate your private key you will probably be required to
> enter a passphrase. To remove it follow the instructions here:http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#removepassphrase

> Hope that helps others get going with SSL. Thanks Paul for putting the
> foundations in place. Setting up SSL can be frustrating, automating it
> with ec2onrails is definitely a big step forward.

> Cheers,

> --
> BP

> Yes I hit the same problem with the godaddy chain cert and had to roll
> my
> own config. I figured the documented paths might be wrong, however
> I'm
> not sure when the default self-signed cert is generated - is it part
> of the
> 'setup' cap task? Just wondering under what circumstances a custom
> config might get clobbered by capistrano.

> Also do you know how the chain cert is set up with nginx?

> Cheers,
> Frank

> On Apr 3, 12:24 am, Barry Paul <barry.p...@gmail.com> wrote:

> > I haven't seen this mentioned anywhere before but there are a couple
> > of issues with SSL support in the current release.

> > 1. The paths and file names mentioned in the example deploy.rb and cap
> > task descriptions are wrong.

> > Your cert and key should be in:
> > /etc/ec2onrails/ssl/certs/ec2onrails-default.crt (certificate)
> > /etc/ec2onrails/ssl/private/ec2onrails-default.key (key)

> > As with all server files, to have them deployed automatically they
> > should be in your_app_root/server_config/etc/ec2onrails/ssl/...

> > 2. If your signing authority requires you to use a chain cert (like
> > GoDaddy) you must add it to the apache ssl configuration file on your
> > server.

> > I put the chain cert in:
> > /etc/ec2onrails/ssl/certs/ec2onrails-chain.crt

> > And added the following to /etc/apache2/sites-available/default-ssl
> >  SSLCertificateChainFile    /etc/ec2onrails/ssl/cert/ec2onrails-
> > chain.crt

> > I have submitted a patch to automate this process (and fix previous
> > issue) so hopefully this will be in the next release.

> > 3. (This is not ec2onrails specific but something that gets SSL
> > newbies every time!) Make sure your private key file doesn't have a
> > passphrase on it.

> > If it does, Apache will hang at startup, waiting for you to enter your
> > passphrase.

> > When you generate your private key you will probably be required to
> > enter a passphrase. To remove it follow the instructions here:http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#removepassphrase

> > Hope that helps others get going with SSL. Thanks Paul for putting the
> > foundations in place. Setting up SSL can be frustrating, automating it
> > with ec2onrails is definitely a big step forward.

> > Cheers,

> > --
> > BP

> I haven't seen this mentioned anywhere before but there are a couple
> of issues with SSL support in the current release.

> 1. The paths and file names mentioned in the example deploy.rb and cap
> task descriptions are wrong.

> Your cert and key should be in:
> /etc/ec2onrails/ssl/certs/ec2onrails-default.crt (certificate)
> /etc/ec2onrails/ssl/private/ec2onrails-default.key (key)

> As with all server files, to have them deployed automatically they
> should be in your_app_root/server_config/etc/ec2onrails/ssl/...

> 2. If your signing authority requires you to use a chain cert (like
> GoDaddy) you must add it to the apache ssl configuration file on your
> server.

> I put the chain cert in:
> /etc/ec2onrails/ssl/certs/ec2onrails-chain.crt

> And added the following to /etc/apache2/sites-available/default-ssl
>  SSLCertificateChainFile    /etc/ec2onrails/ssl/cert/ec2onrails-
> chain.crt

> I have submitted a patch to automate this process (and fix previous
> issue) so hopefully this will be in the next release.

> 3. (This is not ec2onrails specific but something that gets SSL
> newbies every time!) Make sure your private key file doesn't have a
> passphrase on it.

> If it does, Apache will hang at startup, waiting for you to enter your
> passphrase.

> When you generate your private key you will probably be required to
> enter a passphrase. To remove it follow the instructions here:http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#removepassphrase

> Hope that helps others get going with SSL. Thanks Paul for putting the
> foundations in place. Setting up SSL can be frustrating, automating it
> with ec2onrails is definitely a big step forward.

> Cheers,

> --
> BP