can anyone help to understand heroku ssl - heroku

I don't understand why I need to add the Heroku SSL add-on and then purchase an SSL certificate and add it to my Heroku app. Is it mandatory to purchase Heroku SSL to add my SSL certificate to Heroku, and why?

You only have to pay the certificate price if you are using a paid dyno. You are correct that you have to pay for the certificate AND SSL addon if you are using the free dyno.
https://blog.heroku.com/ssl-is-now-included-on-all-paid-dynos

Related

APNS Certificate production

Did I miss something?
I've created some push notifications in Xamarin.iOS and it works perfectly with the Development certificate.
Then I created a Production certificate and it doesn't work.
Does APNS work differently in Production?
Thanks.
There are a few things to double-check. Make sure that:
You're using an App Store and Ad Hoc certificate to sign your app.
You're using an Apple Push Notification service SSL (Sandbox & Production) certificate on the server side
The aps-environment value in your info.plist is set to production

Telegram Bot SSL Error

So I have made a small script on my website for my telegram bot. Only problem is that if I set my URL as webhook for the bot it gives an SSL error.
I also tried to add a self-signed certificate, so has_custom_certificate turned to true, but the same error appeared.
What am I doing wrong?
You have to create a self-signed certificate for deploying your server over https. If you are using flask you can follow this nice tutorial - https://blog.miguelgrinberg.com/post/running-your-flask-application-over-https
The problem is with your certificate.
The error in your getWebHookInfo:
"last_error_message":"SSL error {337047686, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}"
Is Telegram saying that it needs the whole certificate chain (it's also called CA Bundle or full chained certificate).
How to check your certificate:
You can use the SSL Labs SSL Server Test service to check your certificate:
Just pass your URL like the following example, replacing coderade.github.io with your host:
https://www.ssllabs.com/ssltest/analyze.html?d=coderade.github.io&hideResults=on&latest
If you see "Chain issues: Incomplete" you do not serve a full chained certificate.
How to fix:
You need to add all three needed files (.key, .crt, and .ca-bundle). Namecheap has very good documentation on how to install an SSL certificate on your site in many different ways, such as Apache, Node.js, Nginx, etc. Please check if you can follow one of the available ways: Namecheap - How to Install SSL certificates
Anyway, you need to download the full chained certificate from your SSL certificate provider and install it on your webserver.
I don't know which service you are using, but for my example, with gunicorn, I solved it by adding the ca-certs with the ca-bundle file sent by my SSL certificate provider (in my case Namecheap Comodo) to my SSL configuration, like the following example:
ca_certs = "cert/my-service.ca-bundle"
For further information: @martini's answer on this thread and the FIX: Telegram Webhooks Not Working post.
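The "certificate verify failed" error described in the answer above can be reproduced offline. The following is an added example, not part of the original answer: it builds a constructed three-tier PKI with made-up names and shows that a verifier trusting only the root rejects the leaf unless the server also sends the intermediate.

```shell
#!/usr/bin/env bash
# Added example: constructed root -> intermediate -> leaf PKI; every name is made up.
set -eu

new_csr() {  # $1 = file prefix, $2 = subject CN; writes $1.key and $1.csr
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_pki() {  # $1 = empty working directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  new_csr "$d/root" "Constructed Root CA"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
  new_csr "$d/int" "Constructed Intermediate CA"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null
  new_csr "$d/leaf" "bot.example.test"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
  # What a correctly configured server sends: leaf first, then the intermediate.
  cat "$d/leaf.crt" "$d/int.crt" > "$d/fullchain.pem"
}

# The verifier (Telegram, a browser) trusts only the root and sees what the server sent.
# $1 = trusted root, $2 = leaf, $3 = optional file of extra certificates from the server
chain_status() {
  if [ -n "${3:-}" ]; then
    set -- -CAfile "$1" -untrusted "$3" "$2"
  else
    set -- -CAfile "$1" "$2"
  fi
  if openssl verify "$@" >/dev/null 2>&1; then echo complete; else echo incomplete; fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_pki "$work"
echo "leaf only:  $(chain_status "$work/root.crt" "$work/leaf.crt")"
echo "full chain: $(chain_status "$work/root.crt" "$work/leaf.crt" "$work/fullchain.pem")"
```

Against a real deployment, the file passed as the third argument corresponds to the .ca-bundle from the certificate provider.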

Custom domain which heroku forwarded to is not secure node.js

What steps do I need to take to move my normal node.js application into a state where it is secure on my custom domain? When I visit my heroku application example.herokuapp.com, the connection is secure across https://.
When I forward that heroku domain to my own site however www.example.com, it shows a warning that the connection is not secure.
Are there any articles online that have answered this question? I cannot seem to find any information on what steps to take. Thanks all
The steps for setting up custom domain SSL with your Heroku app are as follows:
1- Add your SSL add-on:
$ heroku addons:add ssl
2- Add the certificate to your app
Using the certificate you generated in the previous step, upload it to Heroku:
$ heroku certs:add server.crt server.key
3- Configure DNS
Add a CNAME record in the DNS configuration that points from the domain name that will host secure traffic e.g. www.yourdomain.com to the SSL endpoint hostname, e.g. example.herokussl.com. Consult your DNS provider for instructions on how to do this. The target should be the fully qualified domain name for the SSL endpoint associated with the domain.
You will find further information in Heroku Dev Center:
https://devcenter.heroku.com/articles/ssl-endpoint
Assuming you have the hobby or professional account, run the following command to get the automated certificate management (ACM) to work:
heroku certs:auto:enable -a <app name>
https://devcenter.heroku.com/articles/automated-certificate-management
Use the Expedited CDN add-on and you can force HTTPS for free.
First, you need to be on at least the hobby plan.
You need to add Automated Certificate Management (ACM) and your custom domain(s).
You can add Expedited CDN from the Resources tab of your project, and it's free.
Then visit Expedited CDN and configure DNS as mentioned there. It's easy and hassle-free; just follow the steps. Trust me, it will work.
I have provided some screenshots only for reference.
It has a lot of additional features you might be looking for.

Connection is not private using Google Domains and Heroku

I have a domain that I purchased from Google and a heroku app that I'm trying to send it to.
I've done the steps in this article: https://www.justinvrooman.com/articles/how-to-use-heroku-with-google-domains
and yet when I try to access the site I get a
Your connection is not private
Attackers might be trying to steal your information from www.***.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
What am I doing wrong with my set up or why am I getting this message?
It looks like you've enabled SSL in your Rails app but your site doesn't have an SSL certificate configured. To disable SSL, set the following to "false" in your 'config/environments/production.rb' file.
config.force_ssl = false
In addition, in the same file, don't forget to set your "host" equal to your custom domain.
host = 'www.yourdomain.com'
If you want to run SSL on a custom domain (e.g. www.example.com) you'll need to purchase and configure an SSL certificate for your domain.
If, however, you are fine using Heroku's domain (e.g. example.herokuapp.com), then you can piggyback on Heroku's SSL certificate.
More info on running SSL on a custom domain through Heroku: https://devcenter.heroku.com/articles/ssl-endpoint
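NET::ERR_CERT_COMMON_NAME_INVALID means the certificate presented does not list the hostname that was requested. The following is an added example, not part of the original answers: it uses constructed self-signed certificates (the wildcard shape of the platform certificate is an assumption, and this is not Heroku's real certificate) to show which names each certificate covers.

```shell
#!/usr/bin/env bash
# Added example: constructed self-signed certificates; not Heroku's real certificate.
set -eu

make_cert() {  # $1 = output prefix, $2 = the single DNS name placed in the SAN
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=constructed" \
    -addext "subjectAltName=DNS:$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Same question a browser asks: does this certificate cover the name in the URL bar?
cert_covers() {  # $1 = certificate file, $2 = hostname
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

report() {  # prints one line per hostname: "<host> ok" or "<host> NAME_MISMATCH"
  cert=$1; shift
  for host in "$@"; do
    if cert_covers "$cert" "$host"; then echo "$host ok"; else echo "$host NAME_MISMATCH"; fi
  done
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_cert "$work/platform" '*.herokuapp.com'   # assumed shape of the shared platform cert
make_cert "$work/custom" 'www.example.com'     # what the custom domain needs

# The wildcard covers one label under herokuapp.com, never the custom domain.
report "$work/platform.crt" example.herokuapp.com www.example.com herokuapp.com
# A certificate for www.example.com does not cover the bare domain either.
report "$work/custom.crt" www.example.com example.com
```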

What security concerns can occur if I share APNS certificate and key with others?

I have an app that uses APNS and a server that uses SSL certificates generated by Apple member portal.
Both the app and the server are open source, and people using this solution install the server and the app in their own machines. There is no "central" server.
For others to use push notifications, they need SSL certificates that I have. What are the security implications if I share my SSL certificates (private and public) for APNS push with others?
