Heroku is a great hosting platform for modern, single page web applications. Nowadays, it is the de facto standard to secure your app or website with SSL/TLS, even for non-sensitive sites. Here’s a quick setup guide on how to obtain, download and install an SSL certificate and configure Heroku to work with it. All done in 15 minutes for $16/year (certificate) plus $20/month (Heroku SSL endpoint).
My website (or web application) runs on Heroku on a non-SSL endpoint. I want the Heroku web app to run on https:// with a valid production certificate. I want this configuration to be simple and (ideally) inexpensive.
Buy a production SSL certificate and secure the app with SSL/TLS.
Run my Heroku app named portadi-web on https://www.portadi.com (instead of http://).
I don’t like paying for services which I feel are overpriced - and most certificate providers fit into this category. SSL certificates are expensive and difficult to get, manage, and deploy. Recently I used SSLMate. They charge $16 for a basic one-year certificate - a fair price in my view. While the procedure is not completely flawless, it is way better than with most of the traditional certification authorities.
1) Register on SSLMate
Go to https://www.sslmate.com and sign up for an account.
2) Install the sslmate utility
You need to install the sslmate utility. On OS X, I tried the recommended way, installing the utility through Homebrew, but it failed (I don’t know whether it was my misconfiguration or a bug). So I installed the dmg installation package SSLMate provides. Surprisingly, for a certificate authority, the package is not signed. Once you have an account and the sslmate utility installed, everything is smooth (provided you are familiar with the command line).
3) Buy the certificate and download it
$ sslmate buy www.portadi.com
The sslmate utility prompts you to enter your username and password and asks you to choose an authorization method. I used email.
The nice thing about SSLMate is that the utility waits till you confirm the authorization via email and then automatically downloads all certificates and the key.
Waiting for ownership confirmation...
Your certificate is ready for use!
Private key: www.portadi.com.key
Certificate: www.portadi.com.crt
Certificate chain: www.portadi.com.chain.crt
Certificate with chain: www.portadi.com.chained.crt
4) Buy an SSL endpoint on Heroku
Running SSL on your domain is a paid service on Heroku. If you haven’t done it yet, you need to buy an SSL endpoint for your web app (in this example I use portadi-web).
$ heroku addons:create ssl:endpoint --app=portadi-web
5) Install your downloaded SSL certificates on Heroku
$ heroku certs:add www.portadi.com.chained.crt www.portadi.com.key --app=portadi-web
Resolving trust chain... done
Adding SSL Endpoint to portadi-web... done
portadi-web now served by nara-8848.herokussl.com
Note the herokussl endpoint. You will need to paste this info into your DNS in step 7.
6) Provide the domain on Heroku
If you haven’t done it already, instruct Heroku which domain you want to be handled via SSL.
$ heroku domains:add www.portadi.com
7) Register a CNAME record with your DNS provider
Now configure a CNAME record for www.portadi.com that points to the herokussl endpoint which we got in step 5. In our case we use Dyn for DNS - here is our configuration:
Now you will need to wait anywhere from a couple of minutes up to two days until your DNS change is fully propagated.
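Before running step 5 it is worth confirming that the files downloaded in step 3 belong together and that the private key is not readable by other users. The script below is an added example, not part of the original post or of the SSLMate or Heroku tooling; it assumes the openssl command line tool is installed, and the function names check_cert_bundle and make_sample_pair are hypothetical.

```sh
#!/bin/sh
# Added example: pre-upload checks for the files sslmate downloaded in step 3.
# Function names are hypothetical; requires the openssl CLI.

# check_cert_bundle CHAINED_CRT KEY HOSTNAME
# Returns 0 if the pair is consistent, a distinct non-zero code per failed check.
check_cert_bundle() {
    crt=$1; key=$2; host=$3
    [ -r "$crt" ] && [ -r "$key" ] || { echo "cannot read $crt or $key" >&2; return 2; }

    # The private key must not be readable by group or others.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "$key is readable by other users; chmod 600 it" >&2; return 3; }

    # The leaf certificate (first PEM block in the chained file) and the key
    # must carry the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "private key does not belong to this certificate" >&2; return 5; }

    # The certificate must name the host that the CNAME record will serve.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>&1 | grep -q "does match" ||
        { echo "certificate is not valid for $host" >&2; return 6; }

    # The certificate must still be valid a week from now.
    openssl x509 -in "$crt" -noout -checkend 604800 >/dev/null ||
        { echo "certificate expires within 7 days" >&2; return 7; }
}

# make_sample_pair DIR HOSTNAME
# Writes a throwaway self-signed certificate and key (constructed test data,
# not a CA-issued certificate) so the checks can be exercised offline.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.chained.crt" 2>/dev/null &&
        chmod 600 "$1/$2.key"
}

# Run against real files when called with three arguments, e.g.
#   sh check.sh www.portadi.com.chained.crt www.portadi.com.key www.portadi.com
if [ "$#" -eq 3 ]; then check_cert_bundle "$@"; fi
```

The checks only read local files, so they can run before anything is uploaded to Heroku.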
So there you have it, your heroic web app now runs on SSL (the spellchecker insists on renaming Heroku to heroic, so I’ll let him have it at last :-)