• EnglishEspañol日本語한국어Português
  • Log inStart now

Custom SSL certificates (Ruby)

New Relic requires HTTPS for all traffic to APM and the New Relic REST API. The Ruby agent connects to New Relic collector servers over SSL by default. Usually, this default is enough.

Installing SSL Certificates

If you deploy a Ruby application and agent to a container or server without CA certificates installed, you must install them yourself to make HTTPS connections to New Relic servers. Version 7.0 of the agent introduced this change. You can install these CA certificates in various ways, depending on your host. The following external links are helpful guidance for testing the readiness of your host and installing CA certificates:

Use a custom CA bundle

In certain configurations, you may need to use a custom CA bundle. For example, you may use an HTTP proxy to intercept and decrypt SSL traffic from the agent, which then establishes a separate SSL connection to New Relic.

To configure the agent to use a custom CA bundle when validating the SSL certificate presented by a proxy, set the ca_bundle_path configuration setting in your newrelic.yml file or via the NEW_RELIC_CA_BUNDLE_PATH environment variable:

common: &default_settings
ca_bundle_path: certificates/mycert.pem
# ... other settings ...

Specify a path to a .pem file containing each certificate you want the agent to use when validating the identity of the proxy or server. You can concatenate multiple certificates into a single .pem file.

  • Relative path: If you specify a relative path, the agent will assign a path relative to the working directory of your app server process at runtime.
  • Absolute path: If your working directory is / rather than the root of your application, be sure to specify an absolute path.
Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.