Discussion on: What was your win this week?

I should note that I've essentially done this with training wheels since we're on Heroku 😂 Here are the resources I used to set this up:

• Setting up the SSL endpoint addon on Heroku
• DNSimple docs
• Lots of traceroute to make sure my new DNS settings were in place
• openssl for confirming that we don't support TLS 1.0 was very useful. openssl s_client -connect google.com:443 -tls1 -servername google.com in particular

General docs that have helped me as I voyage into networking:

• High Performance Browser Networking (TLS section)
• Basically anything by Julia Evans (Networking tools comics here)

Sure! I'm using Heroku for this though, so a lot of the "hard stuff" was abstracted away. My basic process was like so:

1. Follow instructions here to provision the endpoint: SSL Endpoint | Heroku Dev Center
2. Download the existing key and certificate files from provider
3. Add certificate to the correct application following instructions in link above
4. TEST SSL ENDPOINT!!! Make sure it's available before moving on or you might get cert errors on production 🚨
5. Once live, update CNAME record to point to the herokussl endpoint
6. Use traceroute to check that domain resolves to the new SSL endpoint
7. If all is well, remove any old/unused certificates using the heroku certs:remove command from the CLI
8. Open a support ticket to disable TLS 1.0 support for the affected application
9. Confirm that TLS 1.0 is disabled using either openssl or SSL Labs (takes much longer but is interesting)