@RandomEtc
Created September 16, 2011 16:35
generating SSL keys and Certificate Signing Requests for Heroku / Nginx / RapidSSL
Key was generated using:
tom% openssl genrsa -des3 -out example.com.key 2048
Generating RSA private key, 2048 bit long modulus
....+++
..........................................................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for example.com.key:
Verifying - Enter pass phrase for example.com.key:
tom%
CSR was generated using:
tom% openssl req -new -key example.com.key -out example.com.csr
Enter pass phrase for example.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Company, Inc
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:example.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
tom%
CSR was pasted into RapidSSL form, phone tag and credit card transaction occurred, and example.com.crt and intermediate.crt were received by email from RapidSSL (after a short delay).
Key was unlocked using:
tom% openssl rsa -in example.com.key -out example.com.unlocked.key
Enter pass phrase for example.com.key:
writing RSA key
tom%
PEM was generated using:
tom% cat example.com.crt intermediate.crt > example.com.pem
tom%
Cert was uploaded to Heroku using:
tom% heroku ssl:add example.com.pem example.com.unlocked.key --app example-app
Added certificate to example.com, expiring in 2012/09/16 15:29:34 -0700
tom%
SSL was activated for our app using:
tom% heroku addons:add ssl:hostname --app example-app
-----> Adding ssl:hostname to example-app... done, v44 ($20/mo)
tom%
And then the CNAME DNS was updated using the new alias that arrived by email.
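
An added example, not part of the original gist: a pre-upload check for the files produced above. It confirms that the first certificate in example.com.pem matches the unlocked key (which also catches a bundle concatenated in the wrong order), that the CSR carries the same public key, and that the passphrase-less key is readable only by its owner. The function names, reversed.pem, ca.key and the throwaway self-signed certificates are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: pre-upload sanity checks for the files produced in this walkthrough.

# Public key (PEM) of a private key; "-passin pass:" makes a still-encrypted key fail instead of prompting.
key_pub()  { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }
# Public key of the FIRST certificate in a file (the one the server presents as its own).
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
# Public key embedded in a CSR.
csr_pub()  { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# check_bundle KEY PEM: prints each problem found, returns non-zero if any.
check_bundle() {
  local key="$1" pem="$2" rc=0 kp
  kp=$(key_pub "$key") || { echo "cannot read $key (still passphrase-protected?)"; return 1; }
  [ "$kp" = "$(cert_pub "$pem")" ] || { echo "first cert in $pem does not match $key"; rc=1; }
  [ "$(grep -c 'BEGIN CERTIFICATE' "$pem")" -ge 2 ] || { echo "$pem has no intermediate"; rc=1; }
  # Characters 5-10 of `ls -l` are the group/other permission bits.
  [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || { echo "$key is readable beyond its owner"; rc=1; }
  return $rc
}

# Constructed sample input: two throwaway self-signed certs stand in for
# example.com.crt and intermediate.crt (no real CA chain is involved).
make_sample() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.com" -days 1 \
    -keyout "$d/example.com.unlocked.key" -out "$d/example.com.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate" -days 1 \
    -keyout "$d/ca.key" -out "$d/intermediate.crt" 2>/dev/null
  openssl req -new -key "$d/example.com.unlocked.key" -subj "/CN=example.com" \
    -out "$d/example.com.csr" 2>/dev/null
  chmod 600 "$d/example.com.unlocked.key"
  cat "$d/example.com.crt" "$d/intermediate.crt" > "$d/example.com.pem"   # leaf first
  cat "$d/intermediate.crt" "$d/example.com.crt" > "$d/reversed.pem"      # wrong order
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_sample "$d"
  [ "$(csr_pub "$d/example.com.csr")" = "$(key_pub "$d/example.com.unlocked.key")" ] && echo "CSR matches key"
  check_bundle "$d/example.com.unlocked.key" "$d/example.com.pem" && echo "bundle OK"
  check_bundle "$d/example.com.unlocked.key" "$d/reversed.pem" || echo "reversed bundle rejected"
  rm -rf "$d"
}
demo
```

On real files, run check_bundle example.com.unlocked.key example.com.pem before the upload step; it does not verify that intermediate.crt actually signed example.com.crt.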
@kirillzubovsky

Great guide, but could you update step #5 to be

$ heroku certs:add server.crt server.key

Also, step #6 should really be before #5 now.

$ heroku addons:add ssl
$ heroku domains:add www.mydomain.com

As per this guide - https://devcenter.heroku.com/articles/ssl-endpoint#upload-certificates

Please keep these gists online. Very helpful!
