Point to CNAME to openshift throws certificate issue - ssl

I have my domain CNAME point to myapp-mynamespace.rhcloud.com however it throws this certificate error:
Doing rhc alias add proxy proxy.mynamespace.com would do the trick.
However, I just want to point arbitrary domain CNAME (like ww2 of xyz.com, abc.com or somedomain.com) to myapp-mynamespace.rhcloud.com
How do I get around this ssl issue, is it possible that when I point ww2 CNAME of xyz.com to my openshift app (myapp-mynamespace.rhcloud.com) it will not do https or ssl thing--just plain http.

You don't want a CNAME record, you want a web redirection, else the domain name will remain the one that points to rhcloud.com and the certificate will still be invalid for your web clients.

If you want to use SSL with your custom domain on OpenShift then you will need to upgrade to the Bronze or Silver plan and purchase an SSL certificate and install it for your alias.
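The mismatch behind the error in this question, as an added example (not code from the original posts): a TLS client compares the certificate's names with the hostname the user requested, and a CNAME does not change that hostname. The certificate names in `PLATFORM_CERT` are an assumption for illustration, and the matching is a simplified form of the usual wildcard rules (one label, leftmost position only).

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (possibly a wildcard) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                 # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard is honoured only as the whole leftmost label, never as "*.tld".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, hostname) -> bool:
    """True if any name on the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


# Assumption: names on the platform's shared certificate (constructed sample).
PLATFORM_CERT = ["*.rhcloud.com", "rhcloud.com"]


def check(requested_host, cname_target, cert_names=PLATFORM_CERT):
    """Compare what DNS resolves through with what the client actually verifies."""
    return {
        "requested": requested_host,
        "cname_target": cname_target,
        # The CNAME target is covered, but the client never checks it.
        "target_covered": cert_covers(cert_names, cname_target),
        # The client checks the name in the URL, so this decides the outcome.
        "requested_covered": cert_covers(cert_names, requested_host),
    }


if __name__ == "__main__":
    print(check("ww2.xyz.com", "myapp-mynamespace.rhcloud.com"))
```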

Related

How to generate SSL only for subdomain without add domain?

I am pretty new to the domain configuration part. I want to know whether I can generate SSL only for my subdomain. I didn't want to add the root domain with CLOUDFLARE because my root domain already has an SSL certificate. Is it possible to do that? I have purchased my domain from GODADDY. I will add the generated SSL certificate to IIS.
Please help me out !!
Edit: I don't want to add my root domain to CLOUDFLARE because if I will do it I have to change my NAMESERVER for the same and my root domain already has SSL.

I believe what you're looking for is the CNAME setup on Cloudflare. This is the alternative method of Name Server setup. However, this setup requires a Business plan. With CNAME setup, you can have just certain subdomains used with Cloudflare. With proxy turned on for the subdomain, you'd get the usual Universal SSL certification from Cloudflare.

SSL on wildcard subdomains with CloudFlare and Heroku

I'm working on a Ruby on Rails SaaS app with a custom subdomain for each company. When a company signs up, the user is redirected to her subdomain.myapp.io.
The app is hosted on Heroku and DNS are managed at CloudFlare. I use the free SSL feature provided by CloudFlare, which works as expected for https://myapp.io.
My issue is about having SSL active for the subdomains. I wonder if this is possible without buying a wildcard SSL certificate.
CloudFlare DNS setup:
myapp.io. 300 IN CNAME myapp.herokuapp.com.
*.myapp.io. 300 IN CNAME myapp.herokuapp.com.
Heroku domains setup:
myapp.io
*.myapp.io
This works, but without SSL on subdomains. It is not possible to use CloudFlare features (such as SSL Full) for wildcard subdomains (except for Enterprise plan users).
I think I need to buy a wildcard SSL certificate for my domain ($115/year) and add the SSL Endpoint Heroku add-on ($7/month). Am I wrong?

Short answer:
You can't have a free wildcard SSL (Full protection) for subdomains on CloudFlare (Free plan).
Long answer:
I mean using wildcard with CloudFlare (Free plan), CloudFlare proxy protection and acceleration are bypassed (no orange cloud) so your origin server SSL certificate will be used instead. So to enable SSL you need to add a CNAME record for each subdomain (the cloud icon should be orange).
Example:
foo.myapp.io. 300 IN CNAME myapp.herokuapp.com.
bar.myapp.io. 300 IN CNAME myapp.herokuapp.com.
(You don't need to add any record for custom domains in Heroku if you already have *.myapp.io)
[EDIT]
Maybe you can add DNS records dynamically via CloudFlare's API (https://api.cloudflare.com/#dns-records-for-a-zone-create-dns-record)
(I didn't try that...)
Workaround:
As you said:
Pay for CloudFlare Enterprise
Buy a wildcard SSL certificate + Heroku SSL SNI (https://devcenter.heroku.com/articles/ssl-beta)
Hope it will help.
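The per-subdomain record idea from the answer above, as an added example (not code from the original post or from CloudFlare): it builds, without sending, a create-record request for one proxied CNAME per company, and validates the label first because it comes from sign-up input. `RESERVED`, the placeholder zone id and token, and the function name are assumptions for illustration.

```python
import json
import re
import urllib.request

API = "https://api.cloudflare.com/client/v4"
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Hypothetical names the application keeps for itself.
RESERVED = {"www", "api", "admin", "mail"}


def build_cname_request(zone_id, token, company,
                        zone="myapp.io", target="myapp.herokuapp.com"):
    """Build (not send) the request creating a proxied CNAME for one tenant."""
    label = company.strip().lower()
    # Reject dots, wildcards and anything else that is not a single plain label,
    # so sign-up input cannot create records outside <label>.<zone>.
    if not LABEL.fullmatch(label) or label in RESERVED:
        raise ValueError(f"refusing subdomain label: {company!r}")
    body = {
        "type": "CNAME",
        "name": f"{label}.{zone}",
        "content": target,
        "ttl": 1,          # 1 means "automatic" in this API
        "proxied": True,   # the "orange cloud" the answer refers to
    }
    return urllib.request.Request(
        f"{API}/zones/{zone_id}/dns_records",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    req = build_cname_request("ZONE_ID_PLACEHOLDER", "TOKEN_PLACEHOLDER", "foo")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

A token used this way only needs DNS edit permission on the one zone.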

SSL certificate on Heroku

I have one domain purchased from GoDaddy.
Let's say it is www.example.com. I have purchased a wildcard SSL certificate from GoDaddy for this domain.
This domain is pointing to one of my apps on Heroku. When I type http://www.example.com, it is working fine. But when I type https://www.example.com,
it says "web page not available" and the error code is:
"ERR_CONNECTION_REFUSED".
So do I need to add SSL certificate on Heroku too? How https will work on my site when it's pointing to Heroku? Thank you in advance.

You need to upload your SSL certificate to Heroku with its CLI command heroku certs:add. Probably you also need to activate an SSL Endpoint addon ($20/month) and set your DNS CNAME pointing to it.
See https://devcenter.heroku.com/articles/ssl-endpoint#provision-the-add-on for details, and subsequent sections.

Heroku SSL Redirection Error

I bought the ssl certificate, added the ssl endpoint, changed the CNAME in my DNS to redirect to the ssl url provided by Heroku
Going to http://thekds.org Redirects me to https://kappa-delta.herokuapp.com instead of https://thekds.org. WHY IS THIS???

When you use the SSL:endpoint you can't access the site on the URL assigned to the SSL endpoint so you can't implement a redirect here. You need to have to DNS records CNAME'd to the herokussl.com address that was provided when the endpoint was added.
I'll also add, you need to ensure that because you want to use the apex record (ie thekds.org) that you need to use a DNS provider that supports using CNAME records there. DNSimple, DNSmadeeasy, PointDNS to name a few support this record type.

What should I put in Host Name when buying a DNSimple SSL certificate for it to work with the Heroku ssl addon?

I'm confused with this line in the Heroku docs (https://devcenter.heroku.com/articles/ssl-certificate)
You must enter a subdomain in the “Host Name” field. Leaving it blank will generate a root-domain certificate which is not compatible with Heroku’s SSL endpoint.
What I want is https://foo.com and https://www.foo.com to work.
So what do I need to fill in this field to get a SSL certificate that will help me achieve the above?
The rest of the steps (setting CNAME to Heroku's SSL endpoint, adding an ALIAS to redirect the root domain etc) are clear to me. I'm just stuck on this step, should it be blank or 'www' or something else?

If you want your certificate to be valid for the root domain AND the www hostname, then you should use the www.example.com version.
You can also purchase a wildcard, but unless you need to support any extra subdomain, the cost is not worth it in this case.
More details are available in the support page Selecting the Certificate Hostname.

You should fill in www.
www is just a subdomain so that will solve your www.foo.com problem but you will have to redirect the naked domain https://foo.com to the www one though.

Enter "*" for your host name, it will be valid for all subdomains including the root subdomain.