Joe Designs
WE MAKE APPS IN ALBUQUERQUE & TAOS NM


RIP - IE

Godaddy SSL Certificate Install on Heroku Post Heartbleed

April 15th 2014

Well, it has been many moons since the last blog post, but I figured this one was worth writing about since it caused me much heart burn. If I can help save someone else time and heart burn, it is worth the writing. Anwyay, I am just going to go through some quick steps on adding or updating your Heroku SSL Endpoint after the very popular Heartbleed vulnerability was discovered. My night started out in a bit of a panic after reading more about the Heartbleed issues, then ended up in pure frustration and a bit of insanity. Heroku as many others had suggested that re-keying and issuing your certificates was a strong way to mitigate the vulnerabilities in Heartbleed. I began to regenerate the key and csr files as usual.

Here's the command to generate your new private key.

openssl genrsa -des3 -out server.pass.key 2048

Just set a simple password that can be used again in the following steps.

openssl rsa -in server.pass.key -out server.key

Now you should have your private key "server.key", it's now time to generate your CSR. What is a CSR? It is a certtificate signing request, that you submit to your SSL provider, like Godaddy, DNSimple or RapidSSL. To generate your CSR run the following:

openssl req -nodes -new -key server.key -out server.csr

You will be asked a series of questions, make sure that your Common Domain/Organization & Country Code matches exactly what you have used during the purchase of your SSL certificate. Now you should have a CSR, just submit it during the re-issuing process for your provider. Typically they will send you an email after the CSR was accepted and approved. Take your downloaded certificate and intermediate files. In Godaddy's case, they supply a gd_intermediate file.

Now that you have all your files, you will want to use the Heroku Toolbelt to add or update the certificates.

If you are updating your certificate, this will not change the Heroku SSL endpoint.

certs:update server.crt gd_bundle-g2-g1.crt server.key

If you are adding a certificate, you will see you newly generated SSL endpoint.

certs:add server.crt gd_bundle-g2-g1.crt server.key

Now here is the part of the trouble I had. I had done these steps, did some testing and things looked good. Then we had gotten a call with someone having SSL errors, but it was weird, because we hadn't heard anything from anyone else. The SSL warning's we're due to the certificate not being trusted by root user. For some reason, this only effected a very very small percentage of users. We had to have this fixed ASAP. The next steps I took, was a maze of different combinations of comibining files, signing in different orders, and even getting an additional certificate from another company. No luck, the issue persisted, luckily I was able to find one computer and a browser that could constatnly reproduce the problem, it just happened to be a virtual machine running Ubuntu and Firefox. After hours of scratching my head and pulling my hair out, I tried something that is mentioned in the Heroku documentation called --bypass. The bypass switch will ensure that the certificates are unaltered in the Heroku installation process. I had seen it over and over again as I read the documentation, but never thought it would make a difference. It certainly does make a world of a difference.

For updating with bypass

certs:update server.crt gd_bundle-g2-g1.crt server.key --bypass

For adding

certs:add server.crt gd_bundle-g2-g1.crt server.key --bypass

You should see your status of the installation for the SSL certificate from here. Just sit back and relax now, because your SSL certificate should be properly installed. Why Heroku messes with the certificates that you upload is beyond me, but it is great they have a bypass option.

1 Comment

Costa Rica 2013

March 12th 2013

No comments, post your comment here.

Slim CSS Bar Chart

December 6th 2011

Here is one of the most recent sunday projects finished on a monday night, and published on a tuesday.  I had a need to make some super simple percentage bar charts, so I figured I'd start off with making the stripped down version then integrate later, so everyone can use and mess with as much as they want.  Let me know what you think.  I know this project uses the less css framework, which is pretty awesome for people writing css over and over again, it makes it exciting again.  Of course this css chart will work without the less framework, we'd just need to grab the compiled version of the css.

I hope this finds a use for someone out there.. Thanks!

GitHub Page

No comments, post your comment here.

Beautiful Analytics Charts

April 23rd 2011

This is derived from a raphael example, rewritten to use prototype and support a few more configurations. My overall goal with this line chart was to create a simple and easy to use library that can create great looking line charts. After seeing raphael's example, I knew this was the perfect place to start.  Please leave comments, and let me know what you think. 

13 Comments

San Francisco

January 22nd 2011

I must say, San Francisco is truly an amazing city.  I recently visited the city for a workshop/conference.  While I was there, I was sure to find some street art and unique spots in the city.  I've always admired San Francisco for the technology, people, public transportation, organization, history and so much more. It is too bad these pictures I've captured are low quality taken with my iphone4.  One of these days I'm gonna have to make a permanent move to the city, as its one of my favorite places I've ever been.

No comments, post your comment here.

1 2 3 4 5 6 7 8 9 10