Setting up wild card SSL on heroku

Setting up wild card SSL on heroku can be complicated. Recently I had to set it up for a new domain and this time I recorded the whole process.

The ssl certificate in this example was bought from namecheap but the same process would apply for other vendors too.

The video of the whole process is available here.

Script to generate keys

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

When the prompt asks for Common name(full qualified host name) then enter *.yourdomainname.com. Since we are setting up a wild card certificate it's important that the common name starts with a *. Otherwise later we are going to get an error.

Except the above mentioned question the answer to other questions do not matter at all. You can enter junk values and the SSL will work just fine.

Hit enter when a challenge password is requested.

Script to generate ssl bundle

$ cat __neetohelp_net.crt __neetohelp_net.ca-bundle > ssl-bundle.crt

Note that the order of the crt and bundle files matters when combining them.

Secondly, as shown in the video, we might have to split the combined line. Now let's examine the contents of the combined file.

$ cat ssl-bundle.crt

If we see a line like the one below:

-----END CERTIFICATE----------BEGIN CERTIFICATE-----

Then we need to split the line such that END and BEG align vertically like so:

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----