SSL Client Certificate Authentication In Ruby On Rails

I’ve been playing with using client-side SSL certificates (installed into your web browser) as a means to authenticate against a Ruby on Rails-powered application. This subject is geeky and of limited interest even to the people who read this blog (with the possible exception of Ruth, who may find herself doing exactly this as part of her Masters dissertation), so rather than write about it all here, I’ve written a howto/article: SSL Client Certificate Authentication In Ruby On Rails. If you’re at all interested in the topic, you’re welcome to have a read and give me any feedback.


  1. Gareth Gareth says:

    Looks interesting. One thing springs to mind reading it – have you played with client-side certificate generation, so the server never sees the client private certificate? Moz has the <keygen> tag and I know IE has a similar-but-subtly-different tag. I was looking for a browser-agnostic way of doing this in rails recently and didn’t find much, but I wasn’t looking all that hard, I must admit.

  2. Gareth Gareth says:

    Hm, seems the comments system strips out html tags rather than escaping them. I meant to mention the “keygen” tag above as the one that Moz uses.

    Dan says: Corrected it for you.

Reply here

Your email address will not be published. Required fields are marked *

Reply on your own site

Reply by email

I'd love to hear what you think. Send an email to; be sure to let me know if you're happy for your comment to appear on the Web!