Setting up SSL with Dnsimple and Heroku's Endpoint SSL
Setting up SSL on a recent app proved to be more of a headache that I initially thought. It's a fairly straightforward but for one who is unfamiliar, it can seem quite daunting. Perhaps this will help.
Setting up SSL with Heroku and DNSimple
The other day I found myself working on an app that needed SSL. As I scoured the internet for helpful instructions, I had more trouble than I seemed necessary. So here is a guide.
This is for using the Endpoint SSL with Heroku which allows you to a SSL to a subdomain like: https://secure.example.com
Buy a domain from DNSimple.com
Add the CNAME for the record you want to apply the SSL to. (like "www" or "secure")
Buy an SSL Certificate for that subdomain domain. (This can be done on the domains detail page). The Host Name is the same as the CNAME record you created in step
note: If you buy the wildcard domain, the following instructions will not apply. This set of instructions is only for the hostname SSL. Go here for the wildcard domain.
Now you should receive a series of emails (3 total) from RapidSSL. Once you have finished this process go back to Dnsimple and view the details of the SSL you just purchased.
Copy the contents of "Private Key" (on your SSL details page) and paste them into a file called "server.orig.key"
Follow the link called "Instructions for Building a Rapid SSL Bundle"
Download the RapidSSL CA Bundle into a file called "intermediate_ca.pem". This download is located in the "Apache, Plesk & CPanel" section of the RapidSSL site.
Remove the password from your server.orig.key file.
open ssl -in server.orig.key -out server.key
Now, using the heroku CLI (command line interface) Add the domain to your project:
heroku domains:add secure.example.com -a myapp
Add the SSL addon
heroku addons:add ssl:endpoint -a myapp
Configure your ssl on heroku. Add the server.key as the first argument, then the ssl.pem, then the domain name for the SSL
heroku cert:add server.key ssl.pem secure.example.com -a myapp
Now thats it. As far as getting your app to force the SSL. Thats another story and will be told another time. But this should take care of everything outside of the app. Clear as mud? Perfect...