Heroku Namecheap SSL Certificate

We recently set up SSL on Resumonk.com, which is a Rails 3 application running on Heroku. Here is a quick summary of the entire procedure; we hope it saves you some time when you are looking to enable SSL for your Rails application on Heroku.

What is SSL and why do you need it?

SSL, or Secure Sockets Layer, is a protocol for establishing a secure (encrypted) link between the server and the browser. If your app or website is using a database for storing and retrieving user-generated data, you need to get SSL to ensure that the data is transmitted securely and that it is less vulnerable to tampering or forgery.
Also, displaying an SSL seal helps improve trust and tells your customers that their information is protected.

Adding SSL certificate to your Heroku application

To use SSL for an app hosted on Heroku, you'll need to enable the SSL add-on that Heroku provides. This add-on costs $20/month. Please keep in mind that this is a recurring expense and it does not include the price of the SSL certificate itself. You'll need to purchase that separately.

Note: If you don't plan to use a custom domain then you can use the free SSL that Heroku provides – (https://myapp.herokuapp.com).

Here are the steps that you need to follow to add an SSL certificate to your app –

  1. Purchase SSL certificate
  2. Generate private key and CSR
  3. Provision the Heroku SSL add-on
  4. Upload the key and certificate to Heroku
  5. Update your DNS settings
  6. Update your app code to redirect to https instead of http

STEP 1: Purchase SSL certificate

We bought a RapidSSL certificate from Namecheap.

Note: RapidSSL certificate ($x/year) is only valid for the root domain. If you need to secure all your subdomains (blog.domain.com or labs.domain.com), you'll need to buy a wildcard SSL certificate.

STEP 2: Generate private key and CSR

Before you can activate your SSL certificate, you'll need to provide a CSR (Certificate Signing Request) to the SSL provider.

The first step to generating a CSR is to create a private key. You can use openssl for generating a private key.

On a Mac (install Homebrew first if you don't have it installed), open Terminal.app and use the following command.

          brew install openssl                  

On Ubuntu, you can do –

          sudo apt-get install openssl                  

Once you've installed openssl, use this command to generate a private key –

          openssl genrsa -des3 -out server.pass.key 2048

You'll be asked to enter a password.

          Enter pass phrase for server.pass.key:
          Verifying - Enter pass phrase for server.pass.key:

Then run this command –

          openssl rsa -in server.pass.key -out server.key

The above command will create a file called server.key in your working directory. It is the same private key with the passphrase removed, so keep it out of your repository. We'll need this key to generate the CSR.

          openssl req -nodes -new -key server.key -out server.csr                  

This is the command that will generate a CSR for you. You'll be prompted to enter the following details –

  • Country Name: 2 digit code. This link has a list of all accepted country codes – http://www.ssl.com/csrs/country_codes
  • State and Locality (e.g.: California, New Delhi etc.)
  • Organisation name (Legal/Registered Name of your company e.g.: Abhayam Software Solutions Pvt. Ltd)
  • Organizational Unit is whichever branch of your company is ordering the certificate (e.g. Marketing Department, Product Development, Software Lab)
  • Common Name – This is the most important part so be extra careful. Common Name is the domain name that you want the CSR (and the SSL certificate) for. Please note that you need to specify which URL you want – www or non-www. You cannot set the common name to example.com and expect it to secure www.example.com.
    For Resumonk, our main URL has www in it and the root URL (non-www) redirects to the www URL, so the common name we specified was www.resumonk.com

The previous command would have generated a file named server.csr. Open that file in a text editor and copy everything inside the BEGIN/END block.

Note: The following step is only applicable for Namecheap and may vary for other SSL providers.

Log in to your Namecheap account (or any other SSL provider) and navigate to your SSL dashboard – Your Account -> Manage SSL Certificates and click the "Activate" link next to your SSL certificate.

Paste the CSR code that you copied into the text box and fill in the rest of your details. For server name, choose Apache 2.

Important Note: You will have to choose an approver email from the list that is shown. You'll have options like [email protected], [email protected], [email protected] etc. If you don't have any of these email addresses created, you'll need to do that before proceeding since Namecheap will send out a verification email to the approver email address.

Once you save all the details, you'll receive a verification email from Namecheap (to the approver email that you specified earlier) asking you to verify that you want to activate the SSL certificate.

After you verify, Namecheap will send you an email with 2 certificates – WEB SERVER CERTIFICATE and INTERMEDIATE CA. Copy both these certificates one after the other into a separate file and save it as server.crt.

Important Note: INCLUDE the BEGIN CERTIFICATE/END CERTIFICATE lines and ensure that there are 5 dashes to either side of BEGIN CERTIFICATE and END CERTIFICATE. Do not add any extra whitespaces or line breaks.

The final file should look something like this –

-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
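
A pre-upload check for the server.crt and server.key files described above, added here as an example and not part of the original post. The function names `lint_pem_bundle`, `key_matches_cert` and `preflight` are chosen for this example; it assumes only `awk` and the standard `openssl x509` and `openssl pkey` subcommands.

```shell
#!/bin/sh
# Added example (not from the original post): check server.crt and server.key
# before running `heroku certs:add`. Function names are chosen for this example.

# Print the number of certificate blocks in a PEM bundle. Fails on anything
# except exact five-dash BEGIN/END lines and base64 data, which catches blank
# lines, CRLF line endings and dashes altered by an email client or editor.
lint_pem_bundle() {
  awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; err = 1; exit }
    $0 == "-----BEGIN CERTIFICATE-----" { if (inblk) bad("BEGIN inside a block"); inblk = 1; n++; next }
    $0 == "-----END CERTIFICATE-----"   { if (!inblk) bad("END without BEGIN"); inblk = 0; next }
    inblk && $0 ~ "^[A-Za-z0-9+/]+=*$"  { next }
    { bad("unexpected text or whitespace") }
    END { if (err || inblk || n == 0) exit 1; print n }
  ' "$1"
}

# Succeed only if the FIRST certificate in the bundle carries the public key
# that belongs to the private key. openssl x509 reads only the first block,
# so a bundle with the intermediate CA pasted first fails here too.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

preflight() {
  count=$(lint_pem_bundle "$1") || { echo "FAIL: $1 is not a clean PEM bundle"; return 1; }
  [ "$count" -ge 2 ] || echo "WARN: $count certificate found; intermediate CA missing?"
  key_matches_cert "$1" "$2" || { echo "FAIL: first certificate does not match $2"; return 1; }
  echo "OK: $count certificates, first one matches $2"
}

# Usage: sh preflight.sh server.crt server.key
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```
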

STEP 3: Provision the Heroku add-on

Now you need to provision Heroku's add-on. Open your terminal and cd to your project directory. Then give this command –

          heroku addons:add ssl:endpoint                  

STEP 4: Upload the key and certificate to Heroku

Now add the certificate and private key to Heroku

          heroku certs:add server.crt server.key                  

Here the server.crt file is the certificate file we assembled and server.key is the private key we generated, both in Step 2.

If everything worked as it should, you'll see a screen like

          Adding SSL Endpoint to example... done
          example now served by fuscia-1212.herokussl.com.

This is the new endpoint URL at which your domain should point.

STEP 5: Update your DNS settings

Log in to your domain management console.

If you already have a CNAME record pointing to myapp.heroku.com, change it to the new URL endpoint (fuscia-1212.herokussl.com).

If you don't have a CNAME record, you'll need to add your custom domain to Heroku first. To do that, follow this guide.

Now once the DNS change has propagated (this can take a while), you'll have SSL activated on your website. Navigate to https://mydomain.com and you'll see that the address bar turns green and shows a lock symbol.

Additional Step for Rails apps –

STEP 6: Tell Rails to use the https URL.

You'll notice that right now, although you have got your SSL certificate to work, you can still access your app without SSL (http://mydomain.com). You need to tell Rails to use the SSL version by default.

Doing this is really easy: open your production.rb file and add this line –

          config.force_ssl = true                  

That's it. Now if you try to access your website without SSL (http://mydomain.com), Rails will do a 301 (permanent redirect) to the https version.

One last thing to keep in mind is that if you are using social sign-in (omniauth), you might need to change the callback URL (especially for Google+).

Also check your code for places where you have referenced the absolute URL and change it to https (this commonly happens in transactional emails (welcome, password-reset etc.) that you send out).

That's all there is to adding an SSL certificate to your Heroku-hosted app. Let me know if you have any questions.

PS: Resumonk can help you create a beautiful and professional resume in minutes. Try it out and do let me know how we can improve it further.