DEV Community

Discussion on: What was your win this week?

Goutham Kolluru

Can you please run down the steps you've followed to achieve this?

Anna Rankin

Sure! I'm using Heroku for this though, so a lot of the "hard stuff" was abstracted away. My basic process was like so:

  1. Follow instructions here to provision the endpoint: SSL Endpoint | Heroku Dev Center
  2. Download the existing key and certificate files from provider
  3. Add certificate to the correct application following instructions in link above
  4. TEST SSL ENDPOINT!!! Make sure it's available before moving on or you might get cert errors on production 🚨
  5. Once live, update CNAME record to point to the herokussl endpoint
  6. Use traceroute to check that domain resolves to the new SSL endpoint
  7. If all is well, remove any old/unused certificates using the heroku certs:remove command from the CLI
  8. Open a support ticket to disable TLS 1.0 support for the affected application
  9. Confirm that TLS 1.0 is disabled using either openssl or SSL Labs (takes much longer but is interesting)
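
The openssl check from step 9, as an added example that is not part of the comment above: it probes a host with TLS 1.0 only and separates "server refused" from "my local openssl could not offer TLS 1.0", which otherwise looks like a pass. The function names and `www.example.com` are hypothetical, and the sample output is constructed.

```bash
#!/usr/bin/env bash
# Added example for step 9: does the endpoint still accept TLS 1.0?

# Classify `openssl s_client -tls1` output read from stdin.
classify_tls10() {
  out=$(cat)
  # The local openssl refused to offer TLS 1.0, so nothing was learned
  # about the server; do not report this as "disabled".
  if printf '%s\n' "$out" | grep -Eqi 'no protocols available|no ciphers available|unknown option'; then
    echo client-unsupported
  # A real cipher name on the "Cipher is" line: the TLS 1.0 handshake completed.
  elif printf '%s\n' "$out" | grep 'Cipher is ' | grep -qv '(NONE)'; then
    echo accepted
  # No cipher negotiated, or the server sent a TLS alert: TLS 1.0 was refused.
  elif printf '%s\n' "$out" | grep -Eq 'Cipher is \(NONE\)|alert protocol version|alert handshake failure'; then
    echo rejected
  else
    echo inconclusive
  fi
}

# Probe HOST [PORT]. SECLEVEL=0 is needed because OpenSSL 3.x will not
# offer TLS 1.0 at its default security level.
check_tls10() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" \
    -tls1 -cipher 'DEFAULT@SECLEVEL=0' </dev/null 2>&1 | classify_tls10
}

# Constructed s_client excerpts (not captured from a real host).
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA'
SAMPLE_REJECTED='CONNECTED(00000003)
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1
    Cipher    : 0000'
SAMPLE_LOCAL='error:0A0000BF:SSL routines::no protocols available
New, (NONE), Cipher is (NONE)'

# Usage: ./check_tls10.sh www.example.com   (placeholder hostname)
if [ "$#" -gt 0 ]; then check_tls10 "$@"; fi
```

Only a `rejected` result confirms the change from step 8; `client-unsupported` means the probe has to be repeated from a machine whose openssl can still speak TLS 1.0.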
Ahmed Shatat

Hi Anna,
I'm struggling with the same issue.
I meant to ask, what certificate providers did you use?
And does setting ssl-endpoint mean that you have to renew it manually when the certificate expires?
And does this mean that if our websites force the browser to use a secure connection, there would be downtime if the certificate expires?

I am new to this and I've read tons of articles, which made me more confused.