Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Untrusted Certs on Heroku

I'm not very learned on ssl and certs in general as I have only recently started "really" working with them and understanding them. I have an issue.

I'm shipping a library for android which connects to a specific domain "derp.com". Each of my customers get a subdomain to access with the library. EG "customer.derpy.com"

So working with https on android can be a pain but its not the end of the world. I'm having issues where my cert isnt being trusted by all of the devices using the https of the server. I suspect this is why:

heroku certs --app my-app
Endpoint                  Common Name(s)                Expires               Trusted
------------------------  ----------------------------  --------------------  -------
cdepy412532.herokussl.com  *.derp.com, derp.com  2013-04-05 22:36 UTC  False

The certificate is being marked as untrusted. I suspect this is the cause of the issue as the devices are complaining that they cant verify the certificate. Why would this be?


The certificate is issued by a ca. I think its either rapidssl or geotrust.

like image 561
OVERTONE Avatar asked Dec 19 '12 18:12

OVERTONE


People also ask

Does Heroku provide SSL certificates?

Heroku SSL is a free feature that allows for the managing of SSL/TLS encryption for custom domains and relies on the Server Name Indication (SNI). Please note that Heroku SSL is currently available under Heroku paid plans only.

Why is my SSL certificate not trusted?

The most common cause of a "certificate not trusted" error is that the certificate installation was not properly completed on the server (or servers) hosting the site. Use our SSL Certificate tester to check for this issue. In the tester, an incomplete installation shows one certificate file and a broken red chain.

How do I enforce HTTPS on Heroku?

react-boilerplate can enforce https(redirect http to https) on heroku deployed apps(that has extra layer like cloudflare). var sslRedirect = require('heroku-ssl-redirect');const app = express();app. use(sslRedirect()); Now you get all connection to be on https.

How do I add a certificate to Heroku?

Manually Upload CertificatesUse the certs:add Heroku CLI command to add a certificate and private key. It prompts for the custom domain with which to associate the certificate-key pair. $ heroku certs:add server. crt server.


1 Answers

I do hate answering my own question and would rather delete it but this may help someone else.

The issue in my case is that I had forgotten to combine the intermediate cert with the root cert.

This tutorial by Ryan McGeary was a great help.

My only advice is make sure you have the intermediary certs (pem or crt), root certs(pem or crt) and private key(key) from your boss or whoever received them. If you do not have all of these then you will get an untrusted cert on heroku.

like image 108
OVERTONE Avatar answered Oct 01 '22 01:10

OVERTONE