/ #heroku 

herokuにて独自ドメインのアプリでSNI SSLを使う(その2)

herokuでSNI SSLアドオンを追加し、証明書の登録までやってみました。手順をのせておきます。
鍵長を2048ビットにしたり、擬似乱数ファイルを使ったりなどは必要に応じてどうぞ。

やったことは以下の通りです。

  1. 秘密鍵の生成
  2. CSRの生成
  3. パスフレーズを除去した秘密鍵の生成
  4. herokuへ証明書を登録

実際にはこの他に、SSLアドオンの追加も必要ですが、私はWeb経由でやってしまいっていたので割愛。

[code lang=”bash”]
bash-3.2$ openssl genrsa -des3 -out example.com.key 1024
Generating RSA private key, 1024 bit long modulus
Enter pass phrase for example.com.key:
Verifying — Enter pass phrase for example.com.key:

bash-3.2$ openssl req -new -key example.com.key -out example.com.key.csr
Enter pass phrase for example.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
 — — -
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Kanagawa
Locality Name (eg, city) []:Yokohama
Organization Name (eg, company) [Internet Widgits Pty Ltd]:example
Organizational Unit Name (eg, section) []:example
Common Name (eg, YOUR name) []:example.com
Email Address []:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

bash-3.2$ openssl rsa -in example.com.key -out example.com.nopassword.key
Enter pass phrase for example.com.key:
writing RSA key

bash-3.2$ heroku ssl:add example.com.crt example.com.nopassword.key — app example
Added certificate to example.com, expiring in 2013/02/03 05:02:47 -0800
[/code]

Edit(Admin)