RightAWS and SSL Certificates

If you’ve used the RightAWS tools to talk to Amazon Web Services, you’ve probably seen this warning before:

No one likes warnings cluttering up their output, and this one indicates a very real security problem: no verification is being done to check that the server really is a legitimate Amazon host. Unfortunately, the warning doesn’t give you a lot of clues about how to go about addressing the issue.

Here’s what you need to do. First, you’ll need a certificate file. If you’re running Ubuntu, you can install the “ca-certificates” package (on my system it was already installed). Once it’s installed you should have a master certificate file at /etc/ssl/certs/ca-certificates.crt. Now you just need to tell RightAWS about the file:

…and you should get no more warnings.

I’ve submitted a patch to the right_http_connection gem which, if accepted, will use this file by default if it exists. It will also enable users to override the CA file configuration using the RIGHT_HTTP_CA_FILE environment variable.