Parse and Heroku Service(4)SSL Endpoint

Parse and Heroku Service(4)SSL Endpoint

1 Overview
If we need a customized domain, we may need to pay some extra money to buy the service
https://elements.heroku.com/addons/ssl

> heroku addons:create ssl:endpoint

Steps to SSL
1 Purchase an SSL certificate from your SSL provider
2 Provision an SSL endpoint from Heroku
3 Upload the certificate to Heroku
4 Update your DNS settings to reference the new SSL endpoint URL

For our case, we already have the SSL certificate.

2 Setting up SSL on Heroku

In the app, enable the plugins
>heroku addons:create ssl:endpoint

Add the key
> heroku certs:add server.crt server.key

At the end of this step, we will have a URL.

Verify the details
> heroku certs

> heroku certs:info

At this point, if we visit the URL displayed in the previous step, we will have an exception as follow:
www.example.com doesn’t match example-2121.herokussl.com

That is right. SSL is working there.

DNS and Domain Configuration
> heroku domains:add www.example.com

forward the DNS to our herokussl.com, for example:

Record Name Target
CNAME www example-2121.herokussl.com.
CNAME * example-2121.herokussl.com.

Verify the SSL
> curl -kvI https://www.example.com

3 Advanced Operation
Update the Certificate
>heroku certs:update server.crt server.key

Undo the Update
> heroku certs:rollback

Remove certificate
> heroku certs:remove

Tips:
A .csr file is a certificate signing request, which initiates your certificate request with a certificate provider and contains administrative information about your organization.

A .key file is the private key used for your site’s SSL-enabled requests.

.pem and .crt extensions are often used interchangeably and are both base64 ASCII encoded files. The technical difference is that .pem files contain both the certificate and key whereas a .crt file only contains the certificate.

References:
https://devcenter.heroku.com/articles/ssl-endpoint#overview