Install SSL Certificate on Heroku
Posted by Mike Harvey on 24 October 2012 05:32 PM
SSL is a cryptographic protocol that provides end-to-end data encryption and data integrity for all web requests. Apps that transmit sensitive data should enable SSL to ensure all information is transmitted securely.
You can access any Heroku app over SSL at:
An app-specific SSL certificate is not required for Piggyback SSL. The
Heroku also provides SSL for your custom domain, e.g
The steps for setting up custom domain SSL with your Heroku app are as follows:
All custom domain SSL options require generating an SSL certificate. If prompted during the SSL certificate process, specify the Apache 2.x web-server.
You must also remove the passphrase from your certificate's private key so Heroku can automatically load it on your behalf (do this before adding your chain or intermediate certificate):
$ mv server.key server.orig.key
$ openssl rsa -in server.orig.key -out server.key
$ heroku addons:add ssl
Adding ssl on myapp... done, v1 ($20/mo)
Next add your certificate with: heroku certs:add PEM KEY
Use `heroku addons:docs ssl` to view documentation.
This enables your app to use the
Using the certificate you generated in the previous step, upload it to Heroku:
$ heroku certs:add server.crt server.key
Added certificate to www.yourdomain.com, expiring in 2012/08/27 22:16:39 -0700
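Before running heroku certs:add, it is worth confirming that server.key no longer carries a passphrase and that it actually belongs to server.crt. The shell functions below are an added example, not part of the original article or of Heroku's tooling; the function names, the placeholder passphrase "example" and other.key are assumptions made for the demo, and the openssl CLI must be installed.

```shell
#!/bin/sh
# Added example (not from the original article): pre-upload checks for the
# two files handed to `heroku certs:add`. Requires the openssl CLI.

# Succeeds if the PEM private key is passphrase-protected, detected from the
# PKCS#8 header or the traditional "Proc-Type" header line.
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeeds if the certificate's public key equals the private key's public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass:unused 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints a verdict; returns 1 for a passphrase-protected key, 2 for a mismatch.
preflight() {
    if key_is_encrypted "$2"; then
        echo "FAIL: $2 still has a passphrase"; return 1
    fi
    if ! cert_matches_key "$1" "$2"; then
        echo "FAIL: $1 does not belong to $2"; return 2
    fi
    echo "OK: $1 and $2 are ready for heroku certs:add"
}

# Constructed sample data: throwaway keys and a self-signed certificate in
# directory $1, using the article's file names. other.key is an unrelated key.
make_sample() {
    ( cd "$1" &&
      openssl genrsa -aes128 -passout pass:example -out server.orig.key 2048 &&
      openssl req -new -x509 -key server.orig.key -passin pass:example \
          -subj "/CN=www.yourdomain.com" -days 1 -out server.crt &&
      openssl rsa -in server.orig.key -passin pass:example -out server.key &&
      openssl genrsa -out other.key 2048 &&
      chmod 600 server.key server.orig.key other.key
    ) >/dev/null 2>&1
}

# Demo on the constructed sample when the script is run directly.
demo_dir=$(mktemp -d) && make_sample "$demo_dir" &&
    preflight "$demo_dir/server.crt" "$demo_dir/server.key"
rm -rf "$demo_dir"
```

With real files, call preflight server.crt server.key and upload only when it prints OK.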
Next, add a CNAME record in the DNS configuration that points from the domain name that will host secure traffic e.g.
Documentation for the legacy SSL add-ons,
It is straightforward to upgrade to SSL Endpoint from a legacy SSL add-on. No downtime is required.
Start by adding
$ heroku addons:add ssl:endpoint --app myapp
Adding ssl:endpoint to myapp... done
Now upload the same certificate and private key that you are currently using on the existing SSL setup:
$ heroku certs:add my_existing.crt my_existing.key --app myapp
Adding certificate to myapp... done
myapp now served by tokyo-2121.herokussl.com.
Your new endpoint is now ready to receive traffic. To direct traffic to the endpoint, go to your DNS provider and update the records for your domain so that you have a single CNAME entry pointing to the SSL endpoint host (e.g.
Once the DNS change propagates, your users will be routed to the new endpoint. You can de-provision the old SSL add-on, for example:
$ heroku addons:remove ssl:hostname --app myapp
Removing ssl:hostname from myapp... done
original reference: https://devcenter.heroku.com/articles/ssl#customdomain-ssl