SSL for Custom Domains
SSL is automatically enabled on all apps with default domain names, i.e. domain names that end in the following:
SSL for custom domain names is currently restricted in the following ways:
- Apps on Amazon AWS infrastructures
ONLY for paid accounts ($50/mo or more):
- $ 50/month: 1 SSL Endpoint
- $100/month: 2 SSL Endpoints
- $380/month: 4 SSL Endpoints
- $720/month: 6 SSL Endpoints
Adding SSL to your custom domain is simple. First, make sure you have the following:
- Your RSA private key
- Your SSL certificate
Get an SSL Certificate
If you already have a certificate, skip down to the next section on installation.
To get an SSL certificate from a Certificate Authority, you'll first need to generate an RSA private key and a Certificate Signing Request (CSR).
Generate a private key
You can use the
openssl toolkit to generate an RSA private key and a CSR:
$ openssl genrsa -des3 -out server.key 1024
You'll have to use a passphrase when you generate the key, but we'll remove it later.
Generate a CSR
You can now use the private key you just made to generate a CSR:
$ openssl req -new -key server.key -out server.csr
Get a certificate from a Certificate Authority
You can now send your CSR (the
server.csr file) to a Certificate Authority, which they'll use to generate your certificate. Once you have that, you're ready to set up SSL for your AppFog app.
Install your private key and SSL certificate
If your private key is password-protected, you'll have to remove the password first:
$ cp server.key server.key.org $ openssl rsa -in server.key.org -out server.key
Upload Certificate Data
Now you're ready to head over to the AppFog web console. Click on one of your apps, hit the "SSL" tab on the left, and hit the "Get Started" button.
On the "Upload Certificate Data" screen, click on the "Upload Your Certificate" button and navigate to your certificate file (
server.crt if you followed the instructions above).
Next, click on the "Upload Your Private Key" button and navigate to your private key (
server.key if you followed the instructions above).
Then do the same with any intermediate certificates your Certificate Authority gave you.
You now have an SSL terminator that should look something like:
Change your DNS
Now head over to your DNS host and update your app's CNAME alias to point at the SSL terminator you just created. That's it! Once your new DNS settings propagate, SSL will be enabled for your app.