current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 5 down vote favorite

I obtained a security certificate on StartSSL.com and followed the steps on Heroku closely. I was given intermediate as well as root certificates.

I tried different methods to chain these files but I get this error (see screenshot)

http://i.imgur.com/8WVmAVu.jpg

How can I fix this error?

The files that I downloaded are:

ca.pem (root cert)
sub.class1.server.ca.pem (intermediate cert)
copy and pasted the private key as server.key
copy and pasted the certificate as server.orig.crt
There's also the ca-bundle.pem that I tried using but no luck

I just redownloaded all of the files and ran this "cat server.orig.crt sub.class1.server.ca.pem ca-bundle.pem > server.crt" Then ran heroku certs:add server.crt server.key and I get this error

Unable to read server.crt file

Additionally, I just tried without any CAT and simply "heroku certs:add ca-bundle.pem server.key" and I get this error

No certificate given is a domain name certificate
share|improve this question
    
maybe you have to specify that you want to use a password? –  rogerdpack Mar 19 '13 at 18:08
    
how can I do that? –  user2159586 Mar 19 '13 at 19:23
    
Your answer is here: stackoverflow.com/questions/15568922/… –  user623396 Mar 29 '13 at 14:01
add comment

1 Answer

up vote 5 down vote

A pem encoded certificate chain suitable for installation on heroku should consist of, in order: site, intermediate, then root pem encoded certificates.

cat server.orig.crt sub.class1.server.ca.pem ca.pem > heroku.crt

It looks to me more like a problem with your private key -- you need to make sure the pem file isn't encrypted with a passphrase, and that it is the same key pair used to generate the cert. The head of the private key will look like this if encrypted: 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
...

instead of just:

-----BEGIN RSA PRIVATE KEY-----
MIICaQIBAAKBhACxlzv7H57F+vapTjqS9qdfDg20RjwFFU1B3yK8SqN7rX0jpjsW
H3B2lhCqKPWd2To2LoOolhnsFbr5qlKK3ep/nuUZfkx1aOIg4L0FgzbuCSJfKE5B
...

In the former case, run (linux, mac os):

openssl rsa -in server.key -out server.unencrypted.key

and enter the passphrase when prompted. Then use server.unencrypted.key in the call to heroku to add the cert.

share|improve this answer
    
Thanks! This helped me so much. –  Skelly Feb 14 at 11:33
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.