Heroku SSL: install intermediate cert?

Tags:

https

ssl

heroku

My registrar, Gandi, gave me an intermediate cert to install, so I have 3 files:

  1. Private key file (server.key)
  2. Certificate file (mycert.crt)
  3. Intermediate cert (GandiSomething.pem)

I'm using the SSL Beta service on Heroku. The Heroku CLI command heroku _certs:add takes exactly two arguments, CRT and KEY. How do I install the intermediate cert?

Paul Sanwald asked Jul 19 '16 00:07



2 Answers

Paul is right, you can combine certificates:

cat ssl.crt middle.crt root.crt > all.crt

Make sure there are newlines at the end of the cert files!

And upload it to Heroku (use add if you don't have an SSL Endpoint yet):

heroku certs:update --app $YOUR_APP --confirm $YOUR_APP all.crt private.key

But there are some tricks you shouldn't forget:

  1. Update your DNS CNAME record. Change the target from <app>.herokuapp.com to the secure <domain>.herokudns.com (be careful: if you have a *.your.domain record, it can catch requests and forward them to another server)
  2. Check that the cert chain works right: SSL Checker
  3. Flush local DNS: Flush DNS tips (antivirus can also patch and cache your connections)
  4. Restart your browser (to flush the browser's cache too)
  5. Check your app in a browser over an https:// connection
17 revs, 13 users 59% answered Oct 19 '22 20:10


The solution here is to combine the intermediate cert and the generated cert into one file, as described here. Because that link is shady, here's how the cert file should look once combined:

-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
wfsm5p9GJKaxB825DOgNghYAHZaS/KYIoA==
-----END CERTIFICATE-----

Then, this command will work:

heroku _certs:add --app name-of-my-app file-with-combined-certs.crt myserver.key

Paul Sanwald answered Oct 19 '22 20:10
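
One way to build and check the combined file both answers describe, covering the missing-trailing-newline case from the first answer. This is an added example, not part of either answer; the function names are hypothetical, the file names in the usage comment are the question's, and the key check assumes the openssl CLI is installed.

```bash
#!/bin/sh
# Added example, not from the answers. File names passed in are placeholders.

# join_chain OUT LEAF [INTERMEDIATE...]
# Concatenate PEM files in order (leaf first), appending a newline after any
# file that lacks one so an END marker never fuses with the next BEGIN.
join_chain() {
  jc_out=$1; shift
  : > "$jc_out" || return 1
  for jc_f in "$@"; do
    [ -s "$jc_f" ] || { echo "missing or empty: $jc_f" >&2; return 1; }
    cat "$jc_f" >> "$jc_out"
    # $(...) strips a trailing newline, so non-empty means none was present.
    if [ -n "$(tail -c 1 "$jc_f")" ]; then printf '\n' >> "$jc_out"; fi
  done
}

# chain_count FILE
# Print the number of certificates; fail if any marker shares a line with
# other text (the fused-marker failure) or BEGIN/END counts differ.
chain_count() {
  cc_b=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true)
  cc_e=$(grep -c '^-----END CERTIFICATE-----$' "$1" || true)
  cc_any=$(grep -c -e '-----BEGIN CERTIFICATE-----' \
                   -e '-----END CERTIFICATE-----' "$1" || true)
  [ "$cc_b" -gt 0 ] && [ "$cc_b" -eq "$cc_e" ] \
    && [ "$cc_any" -eq $((cc_b + cc_e)) ] || return 1
  echo "$cc_b"
}

# key_matches_leaf CHAIN KEY
# Compare the public key in the first certificate of CHAIN with the one
# derived from KEY. Requires the openssl CLI.
key_matches_leaf() {
  km_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  km_key=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$km_cert" = "$km_key" ]
}

# Typical use before uploading:
#   join_chain all.crt mycert.crt GandiSomething.pem
#   chain_count all.crt && key_matches_leaf all.crt server.key
```
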