How I Set Up a Trustico RapidSSL Certificate on Heroku SSL Endpoint

This can be quite time consuming if it is the first time you set up an SSL endpoint. Here is how I did it:

  1. Purchase a RapidSSL certificate for my domain on www.trustico.com. Make sure to use the insurance option so that you can download the private key later. I had to set up an email account at admin@mes-courses.fr so that I could receive their confirmation link email.
  2. Once you have bought your certificate, log in to your Trustico account and download your certificate, the intermediate certificate, and the private key.
  3. Concatenate the final and intermediate certificates to a single file (let's call it server.crt).
  4. Add the SSL endpoint add-on to your Heroku application:

    heroku addons:add ssl:endpoint

  5. Upload your certificate:

    heroku certs:add server.crt private.key

  6. Run the following and verify that you have an SSL endpoint with an explicit trusted "True" value:

    heroku certs

  7. Note the full SSL endpoint domain from the previous command, and add a DNS CNAME record from your domain to this endpoint.
  8. Check that there are no DNS A records pointing to Heroku IPs in your DNS configuration (this used to be the case with older versions of Heroku).
  9. Wait until DNS is updated to check that it is working.

You can check how your DNS settings are propagating with www.whatsmydns.net and http://www.reverse-dns.fr/. The Heroku SSL endpoint help page was a real brain saver.
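
A pre-upload check for steps 3 and 5, as an added example that is not part of the original post: it builds server.crt with the domain certificate first and the intermediate after it, then confirms that private.key belongs to that certificate. domain.crt and intermediate.crt are assumed names for the two downloaded certificate files, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check the files from step 3 before `heroku certs:add`.
# Assumed file names: domain.crt, intermediate.crt (downloads), server.crt (bundle).

# Concatenate the domain certificate first, then the intermediate.
# A newline is forced between the files so the END/BEGIN markers never end up
# on the same line; CRs and blank lines from the downloads are stripped.
build_bundle() {
    { cat "$1"; echo; cat "$2"; echo; } | tr -d '\r' | sed '/^[[:space:]]*$/d' > "$3"
}

# Count well-formed certificate headers (marker alone on its line).
# Expect 2 for this setup: your certificate plus the intermediate.
count_certs() {
    grep -c -x -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Succeed only if the private key matches the FIRST certificate in the bundle.
# Both commands print the public key in the same PEM form, so a plain string
# comparison is enough. Any openssl failure is treated as a mismatch.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Typical use before uploading:
#   build_bundle domain.crt intermediate.crt server.crt
#   [ "$(count_certs server.crt)" = "2" ] || echo "unexpected certificate count"
#   key_matches_cert server.crt private.key || echo "key does not match certificate"
```

If the key check fails, the usual cause is that the files were concatenated in the wrong order or the key comes from a different certificate request.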

EDIT 10/10/2013

Any certificate will eventually expire and need to be renewed. The process for this (at Trustico at least) is to generate a completely new certificate. To install this new certificate on Heroku, start by combining the new certificate files as you did the first time, and then use

    heroku certs:update server.crt private.key

instead of heroku certs:add. This should be enough; there is no need to update any DNS entry.

To make sure the new certificate is used, visit the Heroku SSL endpoint directly (get it by running heroku certs) and then visit your SSL site to check the certificate information from your browser.
