herokuでSNI
SSLアドオンを追加し、証明書の登録までやってみました。手順をのせておきます。
鍵長を2048ビットにしたり、擬似乱数ファイルを使ったりなどは必要に応じてどうぞ。
やったことは以下の通りです。
- 秘密鍵の生成
- CSRの生成
- パスフレーズを除去した秘密鍵の生成
- herokuへ証明書を登録
実際にはこの他に、SSLアドオンの追加も必要ですが、私はWeb経由でやってしまいっていたので割愛。
[code lang=”bash”]
bash-3.2$ openssl genrsa -des3 -out example.com.key 1024
Generating RSA private key, 1024 bit long modulus
Enter pass phrase for example.com.key:
Verifying — Enter pass phrase for example.com.key:
bash-3.2$ openssl req -new -key example.com.key -out
example.com.key.csr
Enter pass phrase for example.com.key:
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
— — -
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Kanagawa
Locality Name (eg, city) []:Yokohama
Organization Name (eg, company) [Internet Widgits Pty Ltd]:example
Organizational Unit Name (eg, section) []:example
Common Name (eg, YOUR name) []:example.com
Email Address []:
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
bash-3.2$ openssl rsa -in example.com.key -out
example.com.nopassword.key
Enter pass phrase for example.com.key:
writing RSA key
bash-3.2$ heroku ssl:add example.com.crt
example.com.nopassword.key — app example
Added certificate to example.com, expiring in 2013/02/03 05:02:47
-0800
[/code]