re: What was your win this week? VIEW POST

FULL DISCUSSION
 

This week, I... learned how to set up SSL, disable TLS 1.0, and update our DNS settings without taking down production!!!

omg

 

Gratz!! I am browsing basically the same waters (mostly SSL now), so any resources / links could be of a great help :) Once again - sincere congratulations :)

 

I should note that I've essentially done this with training wheels since we're on Heroku 😂 Here are the resources I used to set this up:

General docs that have helped me as I voyage into networking:

 

Can you please run down the steps you've followed to achieve this.

 

Sure! I'm using Heroku for this though, so a lot of the "hard stuff" was abstracted away. My basic process was like so:

  1. Follow instructions here to provision the endpoint: SSL Endpoint | Heroku Dev Center
  2. Download the existing key and certificate files from provider
  3. Add certificate to the correct application following instructions in link above
  4. TEST SSL ENDPOINT!!! Make sure it's available before moving on or you might get cert errors on production 🚨
  5. Once live, update CNAME record to point to the herokussl endpoint
  6. Use traceroute to check that domain resolves to the new SSL endpoint
  7. If all is well, remove any old/unused certificates using the heroku certs:remove command from the CLI
  8. Open a support ticket to disable TLS 1.0 support for the affected application
  9. Confirm that TLS 1.0 is disabled using either openssl or SSL Labs (takes much longer but is interesting)
code of conduct - report abuse