Created
September 16, 2011 16:35
-
-
Save RandomEtc/1222498 to your computer and use it in GitHub Desktop.
generating SSL keys and Certificate Signing Requests for Heroku / Nginx / RapidSSL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Key was generated using: | |
| tom% openssl genrsa -des3 -out example.com.key 2048 | |
| Generating RSA private key, 2048 bit long modulus | |
| ....+++ | |
| ..........................................................................................................................+++ | |
| e is 65537 (0x10001) | |
| Enter pass phrase for example.com.key: | |
| Verifying - Enter pass phrase for example.com.key: | |
| %tom |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CSR was generated using: | |
| tom% openssl req -new -key example.com.key -out example.com.csr | |
| Enter pass phrase for example.com.key: | |
| You are about to be asked to enter information that will be incorporated | |
| into your certificate request. | |
| What you are about to enter is what is called a Distinguished Name or a DN. | |
| There are quite a few fields but you can leave some blank | |
| For some fields there will be a default value, | |
| If you enter '.', the field will be left blank. | |
| ----- | |
| Country Name (2 letter code) [AU]:US | |
| State or Province Name (full name) [Some-State]:California | |
| Locality Name (eg, city) []:San Francisco | |
| Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Company, Inc | |
| Organizational Unit Name (eg, section) []: | |
| Common Name (eg, YOUR name) []:example.com | |
| Email Address []: | |
| Please enter the following 'extra' attributes | |
| to be sent with your certificate request | |
| A challenge password []: | |
| An optional company name []: | |
| tom% | |
| CSR was pasted into RapidSSL form, phone tag and credit card transaction occurred, and example.com.crt and intermediate.crt were received by email from RapidSSL (after a short delay). | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Key was unlocked using: | |
| tom% openssl rsa -in example.com.key -out example.com.unlocked.key | |
| Enter pass phrase for example.com.key: | |
| writing RSA key | |
| tom% |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PEM was generated using: | |
| tom% cat example.com.crt intermediate.crt > example.com.pem | |
| tom% |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Cert was uploaded to heroku using: | |
| tom% heroku ssl:add example.com.pem example.com.unlocked.key --app example-app | |
| Added certificate to example.com, expiring in 2012/09/16 15:29:34 -0700 | |
| tom% |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SSL was activated for our app using: | |
| tom% heroku addons:add ssl:hostname --app example-app | |
| -----> Adding ssl:hostname to example-app... done, v44 ($20/mo) | |
| tom% | |
| And then the CNAME DNS was updated using the new alias that arrived by email. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Great guide, but could you update step #5 to be
Also, step #6 should really be before #5 now.
As per this guide - https://devcenter.heroku.com/articles/ssl-endpoint#upload-certificates
Please keep these gists online. Very helpful!