本文介绍了在Heroku上更新SSL证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们现有的SSL证书即将到期,因此我们正在尝试安装一个新的证书。然而,在Heroku上的指示是缺乏的...



创建包



要创建包,您应该按照正确的顺序连接一堆中间证书文件。 Heroku示例:

  $ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt> bundle.pem 

( )

但我不清楚旧版证书会发生什么情况,最初是否添加了这些证书?它们是否被覆盖?他们需要被删除吗?

解决方案

如果您提供3个文件 server.crt server.key bundle.pem ,您可以跳过该包中的(www_our_domain).crt 。否则,只需提供一个 server.crt 和一个 server.key

  $ cat(www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt> server.crt 



要更新证书,请使用 heroku certs :更新,而不是 heroku证书:添加。请参阅。


Our existing SSL certificate is about to expire, and so we're trying to install a new one. However, the instructions on Heroku are lacking...

Creating the bundle

To create the bundle, you're supposed to concatenate a bunch of intermediate cert files together in the correct order. Example on Heroku:

$ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > bundle.pem

(https://devcenter.heroku.com/articles/ssl-certificate-dnsimple)

We received a different set of files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • (www_our_domain).crt

How should they be concatenated? Is this correct?:

$ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.pem

Adding the certs

I'm assuming we don't need to provision another SSL endpoint, we just update the one we have...

$ heroku certs:add server.crt server.key bundle.pem

(https://devcenter.heroku.com/articles/ssl-endpoint#provision-the-add-on)

But unclear to me what happens to the old certs the add on was originally provisioned with? Are they over-written? Do they need to be removed?

解决方案

If you supply the 3 files server.crt server.key bundle.pem, you can skip (www_our_domain).crt in the bundle. Otherwise, simply supply a server.crt and a server.key

$ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > server.crt

To update a certificate use heroku certs:update, not heroku certs:add. See the official docs.

这篇关于在Heroku上更新SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-06 12:53
查看更多