re: What was your win this week?

re: This week, I... learned how to set up SSL, disable TLS 1.0, and update our DNS settings without taking down production!!!

Can you please run down the steps you've followed to achieve this?


Sure! I'm using Heroku for this though, so a lot of the "hard stuff" was abstracted away. My basic process was like so:

  1. Follow instructions here to provision the endpoint: SSL Endpoint | Heroku Dev Center
  2. Download the existing key and certificate files from provider
  3. Add certificate to the correct application following instructions in link above
  4. TEST SSL ENDPOINT!!! Make sure it's available before moving on or you might get cert errors on production 🚨
  5. Once live, update CNAME record to point to the herokussl endpoint
  6. Use traceroute to check that domain resolves to the new SSL endpoint
  7. If all is well, remove any old/unused certificates using the heroku certs:remove command from the CLI
  8. Open a support ticket to disable TLS 1.0 support for the affected application
  9. Confirm that TLS 1.0 is disabled using either openssl or SSL Labs (takes much longer but is interesting)
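
Added example, not part of the original comment: a shell sketch of the checks in steps 6 and 9, classifying `openssl s_client` output and comparing a CNAME answer against the expected endpoint. It swaps in `dig` for the CNAME check as an assumption; the hostnames, function names and sample outputs are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example. Hostnames and sample tool output are constructed and abridged.

# Reads `openssl s_client` output on stdin, prints "accepted" or "refused".
# A failed handshake still prints an SSL-Session block with a "Protocol" line,
# so the verdict comes from the negotiated cipher on the "New, ..." line.
# No handshake data at all (e.g. a connection error) also reads as "refused",
# which is why a TLS 1.2 probe is run alongside as a positive control.
handshake_result() {
    awk '/^New, / && /Cipher is / { cipher = $NF; found = 1 }
         END { if (found && cipher != "(NONE)") print "accepted"; else print "refused" }'
}

# Reads `dig +short CNAME <domain>` output on stdin; succeeds only when the
# first record equals the expected endpoint (case and trailing dot ignored).
cname_matches() {
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    actual=$(head -n 1 | tr 'A-Z' 'a-z' | sed 's/\.$//')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed sample: server rejected the TLS 1.0 handshake.
SAMPLE_TLS10='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000'

# Constructed sample: server completed a TLS 1.2 handshake.
SAMPLE_TLS12='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256'

# Live usage (needs network; www.example.com is a placeholder domain):
#   openssl s_client -connect www.example.com:443 -servername www.example.com \
#       -tls1 </dev/null 2>&1 | handshake_result      # want: refused
#   ... same command with -tls1_2 | handshake_result  # want: accepted
#   dig +short CNAME www.example.com | cname_matches example-1234.herokussl.com
printf 'TLS 1.0 probe: %s\n' "$(printf '%s\n' "$SAMPLE_TLS10" | handshake_result)"
printf 'TLS 1.2 probe: %s\n' "$(printf '%s\n' "$SAMPLE_TLS12" | handshake_result)"
```

If the local OpenSSL build or its configuration disallows TLS 1.0, the `-tls1` probe fails no matter what the server supports, so read a "refused" result together with the TLS 1.2 control.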
