在Heroku上更新SSL证书 [英] Renewing SSL certificate on Heroku

问题描述

我们现有的SSL证书即将到期，因此我们正在尝试安装一个新的证书。然而，在Heroku上的指示是缺乏的...

创建包

要创建包，您应该按照正确的顺序连接一堆中间证书文件。 Heroku示例：

  $ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt> bundle.pem 
  

（

• AddTrustExternalCARoot.crt


• COMODORSAAddTrustCA.crt
• COMODORSADomainValidationSecureServerCA.crt


• （www_our_domain）.crt
  
  
  

  这是正确的：

    $ cat（www_our_domain）.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt> bundle.pem 
    

  
  
  

  添加证书

  
  
  

  我假设我们不需要提供另一个SSL端点，我们只需更新我们所拥有的端点...

    $ heroku certs：add server.crt server.key bundle.pem 
    

  （https://devcenter.heroku.com/articles/ssl-endpoint#provision-the-add-on ）
  
  

  但我不清楚旧版证书会发生什么情况，最初是否添加了这些证书？它们是否被覆盖？他们需要被删除吗？
  

  解决方案

  
  

  他们应该如何连接？这是正确的：
  

  如果您提供3个文件 server.crt server.key bundle.pem ，您可以跳过该包中的（www_our_domain）.crt 。否则，只需提供一个 server.crt 和一个 server.key

    $ cat（www_our_domain）.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt> server.crt 
    

  
  
  

  
  

  我假设我们不需要提供另一个SSL端点，我们只是更新我们的...

  
  

  要更新证书，请使用 heroku certs ：更新，而不是 heroku证书：添加。请参阅官方文档。

  
  

  Our existing SSL certificate is about to expire, and so we're trying to install a new one. However, the instructions on Heroku are lacking...

  Creating the bundle

  To create the bundle, you're supposed to concatenate a bunch of intermediate cert files together in the correct order. Example on Heroku:

  $ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > bundle.pem
  

  (https://devcenter.heroku.com/articles/ssl-certificate-dnsimple)

  We received a different set of files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • (www_our_domain).crt

  How should they be concatenated? Is this correct?:

  $ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.pem
  

  Adding the certs

  I'm assuming we don't need to provision another SSL endpoint, we just update the one we have...

  $ heroku certs:add server.crt server.key bundle.pem
  

  (https://devcenter.heroku.com/articles/ssl-endpoint#provision-the-add-on)

  But unclear to me what happens to the old certs the add on was originally provisioned with? Are they over-written? Do they need to be removed?

  解决方案

  How should they be concatenated? Is this correct?:

  If you supply the 3 files server.crt server.key bundle.pem, you can skip (www_our_domain).crt in the bundle. Otherwise, simply supply a server.crt and a server.key

  $ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > server.crt
  

  I'm assuming we don't need to provision another SSL endpoint, we just update the one we have...

  To update a certificate use heroku certs:update, not heroku certs:add. See the official docs.

  这篇关于在Heroku上更新SSL证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！