emSign Knowledge Base
  • emSign
  • Getting Started
    • About emSign
    • Why emSign?
    • Key Highlights
      • Root Store Listings
      • Trust
      • Security
    • Certificate Lifecycle and Key Management Platform (CERTInext)
  • emSign CERTInext
    • Overview
    • Getting Started
      • Enterprise Sign up
      • Partner Sign up
      • Retail Customers
      • Multi-factor & Trusted login
        • Multifactor Authentication and Single Sign On
        • Enforce 2FA
        • IP Restrictions
        • Digital Certificate based login
      • Alerts and Notifications
    • User and Group Management
    • Ordering a Certificate
      • As a Customer
        • DV certificates
        • OV Certificates
        • EV Certificates
        • SMIME Certificates
        • Intranet SSL Certificate
        • IGTF Certificates
        • Subscription Plan Coverage for SSL Products
        • Group-based Certificates Ordering
        • Ordering using Custom Fields
      • As a Partner
        • Order for Customers
        • Order for Sub-accounts
      • Requester Approval Workflows
        • EV requests by Authorized Signatory
        • Certificate requests by Administrator
      • Submitting a Certificate Signing Request (CSR)
        • Submit CSR for Pending Orders
        • Replace CSR for Pending Orders
      • Downloading Certificates
        • Download Interim DV
        • Download Certificate
      • Post Order Actions
        • Renew Certificate
        • Revoke an issued Certificate
        • Reissue Certificate
        • Add / Remove SANs for Multi-Domain SSL
    • Management
      • Domains
      • Organizations
      • Orders
      • Products
      • Templates
        • CSR Templates
        • Provisioning Templates
    • Integrations
      • Using APIs to Order
        • REST APIs
        • ACME APIs
      • Tools
        • eMudhra Certificate Utility Tool
        • eMudhra emSign Click Tool
          • Procedure for installing Certificate in HSM
          • Procedure for Attested CSR Generation
      • CA Connectors
    • Billing & Payments
      • Add Credits
      • Invoices
      • Statement (Ledger Statement)
      • Product Price List
    • Reports
      • Orders Report
      • Overall Statistics
      • Certificates Report
      • Key Store Report
      • Key Report
      • Sales Summary
      • Audit Logs
    • Settings
      • Reporting Tags
      • Manage Schedules
      • Custom Fields
    • Certificate Lifecycle Management
      • Discover Certificates
      • emSign CERTInext Bot
    • Key Lifecycle Management
      • Manage Keys
      • Key Profiles
      • Key Store
  • Consent Management
  • Certificate Approval Process
    • Domain Validation (DV) Process
    • Organization Validation (OV) Process
    • Extended Validation (EV) Process
    • User Certificates Process
    • SMIME Certificate Process
    • Qualified Sources
  • Certificate Installation
    • Before you install
    • Browser Compatibility
    • emSign's Security Seal
    • Installing SSL Certificate on IIS
    • Installing SSL Certificate on cPanel
    • Installing SSL Certificate on Amazon Web Services (AWS)
    • Installing SSL Certificate on Apache
    • Installing SSL Certificate on Plesk 12
    • Installing SSL Certificate on NGINX
    • Installing SSL Certificate on Google App Engine
    • Installing SSL Certificate on WHM
    • Installing SSL Certificate on Ubuntu
    • Installing SSL Certificate on Tomcat
    • Installing SSL Certificate on Heroku
    • Installing SSL Certificate on Bigcommerce
    • Installing Root & Intermediate Certificates for Intranet SSL
    • Supported Devices for auto-provisioning of certificates
    • SSL/TLS Server Rating Guide
  • Release Notes
    • Introduction
    • R1619 (07-Apr-2025)
    • R1591 (10-Mar-2025)
    • R1581 (28-Feb-2025)
    • R1553 (31-Jan-2025)
    • R1522 (31-Dec-2024)
    • R1490 (29-Nov-2024)
    • R1460 (30-Oct-2024)
    • R1427 (27-Sep-2024)
    • R1371 (02-Aug-2024)
    • R1354 (16-Jul-2024)
    • R1300 (23-May-2024)
    • R1251 (04-Apr-2024)
    • R1230 (14-Mar-2024)
    • R1196 (09-Feb-2024)
    • R1167 (11-Jan-2024)
    • R1152 (27-Dec-2023)
    • R1139 (14-Dec-2023)
    • R1124 (29-Nov-2023)
    • R1115 (20-Nov-2023)
    • R1101 (06-Nov-2023)
    • R1075 (11-Oct-2023)
    • R1062 (28-Sep-2023)
    • R1046 (12-Sep-2023)
    • R1039 (05-Sep-2023)
    • R1031 (28-Aug-2023)
    • R1024 (21-Aug-2023)
    • R1001 (29-Jul-2023)
Powered by GitBook

© eMudhra. All Rights Reserved.

On this page

Was this helpful?

Export as PDF
  1. Certificate Installation

Installing SSL Certificate on Heroku

  • To install an SSL certificate on a Heroku application, you need to use the Heroku SSL add-on, or if you're using Heroku Private Spaces, you can add your SSL certificate using Heroku Private Spaces. Here are the steps to install an SSL certificate on a Heroku app using the Heroku SSL add-on

Prerequisites

  • You should have a Heroku account.

  • You should have access to your DNS provider to make necessary DNS changes.

  • You must have a valid SSL certificate. You can obtain one from a certificate authority like Let's Encrypt, or purchase one from a certificate provider.

  • To convert your .cer into different file formats, Utilize our eMudhra utility tool to seamlessly transform your files into .cer, .pfx (.p12), .jks, or .pem formats, and conveniently import zip files using our CSR tool."

Steps:

1.Provision the Heroku SSL Add-On You need to add the Heroku SSL add-on to your application. You can do this using the Heroku CLI. Open your terminal and run: $ heroku addons:create ssl:endpoint

2.Next, you will need to upload your certificate.crt and ca_bundle.crt files into the SSL directory of your application. As soon as both files are uploaded, you will need to merge these files into one. To merge the files, run the following command: $ cat example.crt ca_bundle.crt certificate.crt

3.Add your SSL Certificate Now you can import your private.key file and your certificate.crt file using the command below: $ heroku certs:add certificate.crt private.key

4.The response that follows will outline the details of your SSL certificate and installation, including the hostname selected for your SSL endpoint. Please note that in some cases it can take up to 30 minutes for your SSL endpoint to be created.

Adding SSL Endpoint to example? done example now served by example-0000.herokussl.com. Certificate details: [certificate details] Expires at: [certificate details] Issuer: [certificate details] Starts at: [certificate details]

5.As soon as your SSL endpoint has been created successfully, you will need to create a CNAME record in order to route all future requests for your domain to the new Heroku SSL endpoint's hostname. The CNAME should like like the example record below:

  • Record type: CNAME

  • Name: @ or www

  • Point To: example-0000.herokussl.com

Please Note

  • The CNAME record above contains example information. You will need to add your own Heroku endpoint hostname for the record to work correctly. If you do not want to set a CNAME record for your root domain (@ or www), you can also specify one for a sub-domain.

6.Update your Heroku App to use SSL

Make sure your Heroku app is configured to use SSL. You can check your application's settings to ensure that SSL is enabled. If it's not, you can enable it using the Heroku CLI: heroku features:enable http:endpoint

7.Check Installation

You have completed all the required steps to install your SSL certificate. Verify that the SSL certificate is correctly installed by accessing your website or service using HTTPS. After installing your certificate, it is a good practice to test your SSL setup using various online tools to ensure everything is working correctly.

PreviousInstalling SSL Certificate on TomcatNextInstalling SSL Certificate on Bigcommerce

Last updated 1 year ago

Was this helpful?