问题描述
我们现有的SSL证书即将到期,因此我们正在尝试安装一个新的证书。然而,在Heroku上的指示是缺乏的...
创建包
要创建包,您应该按照正确的顺序连接一堆中间证书文件。 Heroku示例:
$ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt> bundle.pem
( )
但我不清楚旧版证书会发生什么情况,最初是否添加了这些证书?它们是否被覆盖?他们需要被删除吗?
如果您提供3个文件 server.crt server.key bundle.pem
,您可以跳过该包中的(www_our_domain).crt
。否则,只需提供一个 server.crt
和一个 server.key
$ cat(www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt> server.crt
要更新证书,请使用 heroku certs :更新
,而不是 heroku证书:添加
。请参阅。
Our existing SSL certificate is about to expire, and so we're trying to install a new one. However, the instructions on Heroku are lacking...
Creating the bundle
To create the bundle, you're supposed to concatenate a bunch of intermediate cert files together in the correct order. Example on Heroku:
$ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > bundle.pem
(https://devcenter.heroku.com/articles/ssl-certificate-dnsimple)
We received a different set of files:
- AddTrustExternalCARoot.crt
- COMODORSAAddTrustCA.crt
- COMODORSADomainValidationSecureServerCA.crt
- (www_our_domain).crt
How should they be concatenated? Is this correct?:
$ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.pem
Adding the certs
I'm assuming we don't need to provision another SSL endpoint, we just update the one we have...
$ heroku certs:add server.crt server.key bundle.pem
(https://devcenter.heroku.com/articles/ssl-endpoint#provision-the-add-on)
But unclear to me what happens to the old certs the add on was originally provisioned with? Are they over-written? Do they need to be removed?
If you supply the 3 files server.crt server.key bundle.pem
, you can skip (www_our_domain).crt
in the bundle. Otherwise, simply supply a server.crt
and a server.key
$ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > server.crt
To update a certificate use heroku certs:update
, not heroku certs:add
. See the official docs.
这篇关于在Heroku上更新SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!