Heroku Comodo SSL,它不起作用吗?
[英]Heroku Comodo SSL and it not working?
问题描述
I purchased, this morning SLL certificates from Comodo (via DNSimple) and have been trying to get it to work on my domain. 
我今天早上从Comodo购买了SLL证书(通过DNSimple),并且一直在尝试使其在我的域中运行。 Sigh. 叹。 Not having a lot of success. 没有很大的成功。
The certificates I have are listed in the email from Comodo as: 我拥有的证书在Comodo的电子邮件中列出为:
Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODORSAAddTrustCA.crt
Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
Your EssentialSSL Certificate - www_XXXXXXX_com.crt
Following the blog post by Ryan McGeary I have ensured that I do the following putting the cry files in the reverse order from that suggested in the email: 根据Ryan McGeary的博客文章,我已确保我执行以下操作以与电子邮件中建议的相反顺序放置cry文件:
cat www_XXXXXXXX_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > www_XXXXXXXX_com-bundle.pem
I downloaded the key from DNSimple too and saved that to a file called server.key . 我也从DNSimple下载了密钥,并将其保存到名为server.key的文件中。
When I add the certificates to Heroku I use the following command: 将证书添加到Heroku时,使用以下命令:
heroku certs:add www_XXXXXXXX_com-bundle.pem server.key
Which seemed to report no errors in the following: 似乎在以下方面未报告任何错误:
Resolving trust chain... done
Adding SSL Endpoint to XXXXXXXX... done
XXXXXXXX now served by XXXXXXXX.herokussl.com
Certificate details:
Common Name(s): XXXXXXXX.com
www.XXXXXXXX.com
Expires At: 2015-09-28 23:59 UTC
Issuer: /OU=Domain Control Validated/OU=EssentialSSL/CN=www.XXXXXXXX.com
Starts At: 2014-09-28 00:00 UTC
Subject: /OU=Domain Control Validated/OU=EssentialSSL/CN=www.XXXXXXXX.com
SSL certificate is verified by a root authority.
When I do heroku certs , I get the following: 当我做heroku certs ,我得到以下信息:
Endpoint Common Name(s) Expires Trusted
------------------------- ------------------------------ -------------------- -------
XXXXXXXXXXX.herokussl.com www.XXXXXXXX.com, XXXXXXXX.com 2015-09-28 23:59 UTC True
Following the instruction from Heroku I try the certificate with: 按照Heroku的指示,我尝试使用以下证书:
curl -kvI https://www.XXXXXXXX.com
Heroku says I should expect output similar to: Heroku说我应该期望输出类似于:
$curl -kvI https://www.example.com
* About to connect() to www.example.com port 443 (#0)
* Trying 50.16.234.21... connected
* Connected to www.example.com (50.16.234.21) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=CA; L=SF; O=SFDC; OU=Heroku; CN=www.example.com
* start date: 2011-11-01 17:18:11 GMT
* expire date: 2012-10-31 17:18:11 GMT
* common name: www.example.com (matched)
* issuer: C=US; ST=CA; L=SF; O=SFDC; OU=Heroku; CN=www.heroku.com
* SSL certificate verify ok.
I don't get anything like that ... 我什么都没得到...
* Adding handle: conn: 0x7fe62c004400
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fe62c004400) send_pipe: 1, recv_pipe: 0
* About to connect() to www.XXXXXXXX.com port 443 (#0)
* Trying 50.16.247.106...
* Connected to www.XXXXXXXX.com (50.16.247.106) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: www.XXXXXXXX.com
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
* Server certificate: AddTrust External CA Root
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: www.XXXXXXXX.com
> Accept: */*
And this seems to suggest that when I try https://www.XXXXXXXX.com (my root address) I don't get any indication of the SSL. 这似乎表明当我尝试使用https://www.XXXXXXXX.com (我的根地址)时,我没有任何关于SSL的指示。
Obviously something is wrong, but I have no idea what, or how to correct it. 显然有些地方出了问题,但是我不知道该怎么办或如何纠正。 I've followed all the advice I can find online, but it all seems to be slightly different to the certificates I have received from Comodo. 我遵循了我在网上可以找到的所有建议,但这些建议似乎与我从Comodo获得的证书略有不同。 And I have no idea how to work this through to make the SSL certificate work. 而且我不知道如何解决这个问题以使SSL证书正常工作。
Any help to resolve this would be excellent as it's really stumped me. 解决这个问题的任何帮助都将是非常棒的,因为这确实让我感到困惑。
I've also ensured my DNS records for www.XXXXXXXX.com and XXXXXXX.com are pointing to the herokussl.com URL stated in the set up. 我还确保了www.XXXXXXXX.com和XXXXXXX.com的DNS记录指向设置中所述的herokussl.com URL。
I've left this for 10 hours hoping it might "ripple through", but there is something wrong and I don't know what. 我将其保留了10个小时,希望它可以“涟漪通”,但是出了点问题,我也不知道是什么。
Thanks in advance for any help you might be able to give. 在此先感谢您提供的任何帮助。
1 个解决方案
解决方案1
1 已采纳 2014-10-01 23:29:02
Simone was very helpful in checking that things seemed to be working as they should with regards to the installation of the certificate with Heroku. Simone在检查与Heroku一起安装证书方面应该发挥的作用方面非常有帮助。 It would appear however that there was "mixed content" on each of my HTML pages which meant the "Protected" icons were not coming up in Safari (and were showing in a limited way in Firefox). 但是,似乎每个HTML页面上都有“混合内容”,这意味着Safari中没有出现“受保护”图标(在Firefox中以有限的方式显示)。
On changing all HTML content to be referenced with https:// rather than http:// gave me the required security for the whole page. 更改所有HTML内容以使用https://而不是http://进行引用时,给了我整个页面所需的安全性。
I also needed to add the following to my application.rb to get my Rails application to serve all pages securely: 我还需要将以下内容添加到application.rb以使Rails应用程序安全地服务所有页面:
config.force_ssl = true
Hope this comes in useful for other people! 希望这对其他人有用!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.