Heroku上的免费SSL安全证书？ [英] Free SSL security certificate on Heroku?

问题描述

我向Heroku推送了一个 Spree Rails应用程序，并且我发现它使用带 https：//的ssl 并在浏览器中有一个黄色的挂锁。点击此处显示身份验证，并将证书信息发送给：* .herokuapp.com

这很棒。在Heroku结束时没有配置或费用，我的应用程序正在使用带有有效期待证书的SSL。确定这是一个愚蠢的问题..但我怎样才能运行另一个Rails应用程序在Heroku上使用经过验证的证书，而无需为SSL附加费支付和购买自己的证书？ 您的浏览器正在建立是由于您通过appname.herokuapp.com连接到您的应用程序。这是标准配置，并且会自动适用于您创建的任何应用程序。 Heroku提供SSL加密，因为您可能会向服务器发送敏感信息，并且最好加密您可能不一定认为敏感的数据，但您的客户可能会这样做。所有信誉良好的提供商（SAS，Web主机，电子邮件提供商）将在基本域（* .herokuapp.com）上安装通配符 SSL证书，因为它是一个单一证书是相对便宜的，并且可以自动保护所有的子域名。

这就是说，应用程序已经启用了SSL，只需使用https即可访问，例如 https://appname.herokuapp.com ，但是当您想要与客户建立信任关系时，您希望使用SSL端点选项。两种方式都与另一种方式一样安全，但通配符SSL（也称为共享SSL证书）通过客户端通过浏览器与Heroku而不是您的App / Site建立信任关系。通过将SSL签名到您的domain.com，客户端可以连接到您的域名而不是Heroku子域名，并在浏览器的连接信息中查看您网站的信息。如果您的网站需要Heroku消除歧义，那么您希望在默认设置之外继续进行SSL设置。

至于要使用哪种SSL类型和发行商，我不建议 https：// www .startssl.com / ，因为它们不提供具有高浏览器无处不在的SSL，因为它们未由外部根机构完全签名。 Comodo和消费者标准Rapid / GeoTrust是保证，认可以及易于使用和关注的最佳选择。您只需要一个DV（域验证）SSL，并且每个月可以拥有几个域。

更多相关信息，Heroku SSL配置可以在这里

I pushed a Spree Rails app to Heroku and I see it's using ssl withhttps:// and has a yellow padlock in the browser. Clicking on this shows "Identity verified" and the Certificate Information says Issued To: *.herokuapp.com

This is great. With no configuration or expense at the Heroku end, my app is using SSL with a valid looking certificate. Ok it's a yellow rather than green padlock but hey, not bad for free.

I'm sure this is a stupid question..but how can I run another Rails app on Heroku with a verified certificate without paying for the SSL add-on and purchasing my own certificate?

解决方案

The TLS/SSL connection your browser is establishing is due to the fact the you are connecting to your app via appname.herokuapp.com. This is standard and will automatically work for any app you create out of the box. Heroku provides SSL encryption as you may be sending sensitive information to the server and it is better practice to encrypt data that you may not necessarily deem sensitive, but your client may. All reputable providers (SAS, Web Hosts, Email Providers) will have a wildcard SSL certificate installed to the base domain (*.herokuapp.com) as it is a single certificate that is relatively inexpensive and will secure all the sub-domains automatically.

That being said Apps are SSL-enabled already and can be accessed simply by using https, e.g., https://appname.herokuapp.com, but you would want to go with the SSL endpoint option when you want to establish the trusted relationship with your clients. Both ways are as secure as the other, but with the wildcard SSL (also referred to as a shared SSL certificate) the trust is established between the client via their browser and Heroku not your App/Site. With the SSL signed to your domain.com the clients can connect to your domain and not the Heroku sub-domain and see your site's information in the connection information on the browser. If your site is needing disambiguation from Heroku then is when you will want to proceed with an SSL setup outside the default.

As for what SSL type and issuer to use I would not recommend https://www.startssl.com/ as they do not offer SSLs with high browser ubiquity as they are not fully signed by an external root authority. Comodo and the consumer standard Rapid/GeoTrust are the best choices as far as assurance, recognition, and easy of use and concerned. You only need a DV (domain validated) SSL and they can be had for a few domains a month.

More on this and the Heroku SSL configuration can be found here

这篇关于Heroku上的免费SSL安全证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！