-
Notifications
You must be signed in to change notification settings - Fork 7
Clarify how to provide intermediate certificates with heroku certs:add
#31
Comments
heroku certs:add
help textheroku certs:add
@edmorley This is a regression and I will start working on a fix |
@edmorley thanks for letting us know about this issue, I shipped a fix for @brettgoulder could you update the devcenter docs with an explanation of how to upload intermediate certificates?
|
Many thanks for the fix! It looks like the only thing left is:
|
Yup, just ended up here after I was about ready to write some profane messages to Heroku support... So more digging now, but essentially my SSL is a mess for my apps (wildcard ssl) because some are still using legacy ssl configurations and my latest environment I tried to use the GUI and it says my certificate isn't trusted because of intermediates. So going forward should we just use CLI and don't look at the GUI? Because the GUI for my other apps says I don't have SSL configured even though everything looks fine when I run All around the docs need updated because I'm still confused what I need to do exactly at this point. |
So for anyone that stumbled in here.... I ended up using the CLI to drive everything and needed to use the |
:-) |
Currently the UX for adding a certificate plus its intermediates is slightly confusing, since:
heroku certs:add
help text (see below) doesn't mention how to specify the intermediates at all, and uses aCRT
reference that could lead people to think that.pem
files aren't also accepted.It looks like I wasn't the only one who wasn't sure what to do with the intermediate cert:
https://stackoverflow.com/questions/38447944/heroku-ssl-install-intermediate-cert
https://stackoverflow.com/questions/23763411/uploading-ssl-certificate-to-heroku
And a number of guides have popped up to try and document it:
http://www.joshwright.com/tips/setup-a-godaddy-ssl-certificate-on-heroku ("Here's the part that the Heroku docs don't explain...")
http://ryan.mcgeary.org/2011/09/16/how-to-add-a-dnsimple-ssl-certificate-to-heroku/
As such, it would be great to:
heroku certs:add
help text to clarify that:CRT
can be either a.crt
or.pem
file, not just a.crt
CRT
is actually "certificate concatenated with intermediate certificates"heroku certs:add
takes three arguments, for example by:heroku certs:add
code block to show thecat example.crt intermediates-bundle.crt > server.crt
line too.The current help text for reference:
Many thanks!
The text was updated successfully, but these errors were encountered: