在Heroku上更新SSL证书 [英] Renewing SSL certificate on Heroku
问题描述
我们现有的SSL证书即将到期,因此我们正在尝试安装一个新的证书。然而,在Heroku上的指示是缺乏的...
创建包
要创建包,您应该按照正确的顺序连接一堆中间证书文件。 Heroku示例:
$ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt> bundle.pem
( 这是正确的: 我假设我们不需要提供另一个SSL端点,我们只需更新我们所拥有的端点... (https://devcenter.heroku.com/articles/ssl-endpoint#provision-the-add-on ) 但我不清楚旧版证书会发生什么情况,最初是否添加了这些证书?它们是否被覆盖?他们需要被删除吗? 他们应该如何连接?这是正确的: 如果您提供3个文件 我假设我们不需要提供另一个SSL端点,我们只是更新我们的... 要更新证书,请使用 Our existing SSL certificate is about to expire, and so we're trying to install a new one. However, the instructions on Heroku are lacking... To create the bundle, you're supposed to concatenate a bunch of intermediate cert files together in the correct order. Example on Heroku: (https://devcenter.heroku.com/articles/ssl-certificate-dnsimple) We received a different set of files: How should they be concatenated? Is this correct?:
I'm assuming we don't need to provision another SSL endpoint, we just update the one we have... (https://devcenter.heroku.com/articles/ssl-endpoint#provision-the-add-on) But unclear to me what happens to the old certs the add on was originally provisioned with? Are they over-written? Do they need to be removed? How should they be concatenated? Is this correct?: If you supply the 3 files
I'm assuming we don't need to provision another SSL endpoint, we just update the one we have... To update a certificate use 这篇关于在Heroku上更新SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
$ cat(www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt> bundle.pem
添加证书
$ heroku certs:add server.crt server.key bundle.pem
server.crt server.key bundle.pem
,您可以跳过该包中的(www_our_domain).crt
。否则,只需提供一个 server.crt
和一个 server.key
$ cat(www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt> server.crt
heroku certs :更新
,而不是 heroku证书:添加
。请参阅官方文档。Creating the bundle
$ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > bundle.pem
$ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.pem
Adding the certs
$ heroku certs:add server.crt server.key bundle.pem
server.crt server.key bundle.pem
, you can skip (www_our_domain).crt
in the bundle. Otherwise, simply supply a server.crt
and a server.key
$ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > server.crt
heroku certs:update
, not heroku certs:add
. See the official docs.