1

I have an app on Heroku and I bought my own certificate, valid for myapp.mydomain.de. I added it to Heroku using their addon, SSL Endpoint.

I have a CNAME record which redirects from myapp.mydomain.de to myapp.herokuapp.com.

However, when I visit myapp.mydomain.de the certificate is still the one issued by Heroku and not my own.

When I do a `heroku certs:info` I only see my own certificate.

```
$ curl -kvI https://myapp.mydomain.de
* Rebuilt URL to: https://myapp.mydomain.de/
* Hostname was NOT found in DNS cache
*   Trying 23.23.143.170...
* Connected to myapp.mydomain.de (23.25.144.170) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.herokuapp.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> HEAD / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: myapp.mydomain.de
> Accept: */*
```

```
$ heroku certs -a myapp
Endpoint                  Common Name(s)                   Expires               Trusted
------------------------  -------------------------------  --------------------  -------
osaka-2491.herokussl.com  m.mydomain.de,myapp.mydomain.de  2017-02-09 23:59 UTC  True
```

$ heroku certs:info --> looks good also

Any idea why?

P.S. myapp.de is not the real domain, just an example

maephisto

1 Answer

1

I don't know if you've done that, but you have to upload the cert with the private key to the endpoint, with a command like:

```
heroku certs:add server.crt server.key
```

And check if it's OK with: `heroku certs`

If it's not okay, you have something wrong in the cert; open it with vim or Notepad to check inside the cert.

YuKYuK
  • Yes, I did add it, and the .crt is as I got it from the certificate provider. – maephisto Feb 11 '15 at 11:37
  • And what do you see in `heroku certs`? – YuKYuK Feb 11 '15 at 11:40
  • I updated my question with the `heroku certs` contents – maephisto Feb 11 '15 at 11:50
  • Haa, you forgot to update the CNAME: `If you’re securing a subdomain, e.g., www.example.com, modify your DNS settings and create a CNAME record to the endpoint or modify the CNAME target if you already have a CNAME record.` – YuKYuK Feb 11 '15 at 12:00
  • So you mean that I should update my CNAME record to osaka-2491.herokussl.com? Right now my CNAME is myapp.mydomain.com --> myapp.herokuapp.com – maephisto Feb 11 '15 at 12:15
  • Yep, because it's not the same: when you add SSL Endpoint you have a dedicated Heroku instance. – YuKYuK Feb 11 '15 at 12:16
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/21035/discussion-between-maephisto-and-yukyuk). – maephisto Feb 11 '15 at 12:20
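
The check the comments converge on, as an added example that is not part of the original thread: compare the CNAME target with the endpoint that `heroku certs` lists for the hostname, then check that the served certificate name covers the hostname. The function names are hypothetical, and the table is the question's own output with the columns narrowed; in real use the three inputs would come from `heroku certs`, `dig +short CNAME <host>` and the `Server certificate:` line of `curl -v`.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data taken from the question.
CERTS_TABLE='Endpoint                  Common Name(s)                   Expires               Trusted
------------------------  -------------------------------  --------------------  -------
osaka-2491.herokussl.com  m.mydomain.de,myapp.mydomain.de  2017-02-09 23:59 UTC  True'

# Read a `heroku certs` table on stdin and print the endpoint whose
# Common Name(s) column lists hostname $1 (prints nothing if none does).
endpoint_for_host() {
  awk -v host="$1" 'NR > 2 {
    n = split($2, names, ",")
    for (i = 1; i <= n; i++) if (names[i] == host) { print $1; exit }
  }'
}

# Succeed if certificate name $1 covers hostname $2. A wildcard matches
# exactly one leading label, so *.herokuapp.com never covers a custom domain.
cert_covers_host() {
  case $1 in
    '*.'*) [ "$2" != "${2#*.}" ] && [ "${2#*.}" = "${1#??}" ] ;;
    *)     [ "$1" = "$2" ] ;;
  esac
}

# $1 = hostname, $2 = current CNAME target (trailing dot allowed),
# $3 = leaf certificate name the server presented.
diagnose() {
  expected=$(printf '%s\n' "$CERTS_TABLE" | endpoint_for_host "$1")
  if [ -z "$expected" ]; then
    echo "no endpoint lists $1"
  elif [ "${2%.}" != "$expected" ]; then
    echo "cname-mismatch: point $1 at $expected"
  elif ! cert_covers_host "$3" "$1"; then
    echo "cert-mismatch: served $3"
  else
    echo "ok"
  fi
}

# The situation in the question: CNAME still targets the app's default domain.
diagnose myapp.mydomain.de myapp.herokuapp.com '*.herokuapp.com'
```
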