Configuring SSL for a Custom Domain

SSL is automatically enabled on all apps with the AppFog-specific subdomain names, i.e. domain names that end in the following:

  • *.aws.af.cm
  • *.ap01.aws.af.cm
  • *.eu01.aws.af.cm

Note: While CLC (CenturyLink Cloud) data centers have SSL endpoints, AppFog v1 doesn't have the ability to use them. AppFog v2 will have that functionality.

Note: SSL for custom domain names is currently only available for:

  • Apps deployed onto the Amazon AWS infrastructures
  • The following plans:

    • Developer: 1 SSL Endpoint
    • Silver: 2 SSL Endpoints
    • Gold: 4 SSL Endpoints
    • Platinum: 8 SSL Endpoints

Setting up SSL on your Custom Domain

Adding SSL to your custom domain is simple. First, make sure you have the following:

  • Your RSA private key
  • Your SSL certificate
  • Intermediate certificate from the Certificate Authority (of the same Class as your SSL certificate, if applicable)

Get an SSL Certificate

If you already have a certificate, skip down to the next section on installation.

To get an SSL certificate from a Certificate Authority, you'll first need to generate an RSA private key and a Certificate Signing Request (CSR).

Generate a private key

You can use the openssl toolkit to generate an RSA private key:

$ openssl genrsa -des3 -out server.key 2048

Note: the strength of your key is up to you, although some Certificate Authorities require a minimum key length. This command creates a 2048-bit key; other values can be used. Refer to the OpenSSL documentation for more on this.

You'll have to use a passphrase when you generate the key, but we'll remove it later.

Generate a CSR

You can now use the private key you just made to generate a CSR:

$ openssl req -new -key server.key -out server.csr

Get a certificate from a Certificate Authority

You can now send your CSR (the server.csr file) to a Certificate Authority, which will use it to generate your certificate. Once you have that, you're ready to set up SSL for your AppFog app.

Install your private key and SSL certificate

If your private key is password-protected, you'll have to remove the password first:

$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
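Before uploading, it is worth confirming locally that the key really is decrypted and that the certificate was issued for this key. The script below is an added example, not part of the AppFog documentation; the function names are hypothetical, and the demo builds throwaway keys and a self-signed certificate in place of your real server.key and server.crt.

```shell
#!/bin/sh
# Pre-upload checks for the decrypted key and the CA-issued certificate.

# Succeeds if the PEM key is still passphrase-protected. Matches both the
# traditional "Proc-Type: 4,ENCRYPTED" header and the PKCS#8
# "BEGIN ENCRYPTED PRIVATE KEY" label.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Succeeds if the certificate contains the public half of the private key.
# "-passin pass:" makes openssl fail on an encrypted key instead of prompting.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Runs both checks and prints the first problem found, or "ok".
preflight() {
    if key_is_encrypted "$1"; then
        echo "key still has a passphrase"; return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "certificate does not match key"; return 1
    fi
    echo "ok"
}

# Constructed sample material: throwaway keys and a self-signed certificate
# standing in for server.key and server.crt. Nothing here comes from a CA.
make_demo_files() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    openssl genrsa -aes256 -passout pass:constructed \
        -out "$1/locked.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/server.key" -days 1 \
        -subj "/CN=www.example.test" -out "$1/server.crt" 2>/dev/null
    chmod 600 "$1"/*.key   # a decrypted key should be readable only by its owner
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
preflight "$demo_dir/server.key" "$demo_dir/server.crt"
preflight "$demo_dir/other.key" "$demo_dir/server.crt" || true   # mismatch case
preflight "$demo_dir/locked.key" "$demo_dir/server.crt" || true  # encrypted case
rm -rf "$demo_dir"
```

With your own files, run `preflight server.key server.crt` after removing the passphrase, and delete any leftover copies of the decrypted key once the upload is done.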

Upload Certificate Data

Now you're ready to head over to the AppFog web console. Click on one of your apps, hit the "SSL" tab on the left, and hit the "Get Started" button.

On the "Upload Certificate Data" screen, click on the "Upload Your Certificate" button and navigate to your certificate file (server.crt if you followed the instructions above). AppFog will validate the certificate and display the certificate details.

Next, click on the "Upload Your Private Key" button and navigate to your (decrypted) private key (server.key if you followed the instructions above). Similar to the certificate, AppFog will verify the key.

Click "Upload Your Optional Intermediate Certificate" and select the intermediate certificate from your CA. Again, AppFog will display information about the intermediate certificate.

You now have an SSL terminator that should look something like:

af-ssl-term-0-000000000.us-east-1.elb.amazonaws.com

Change your DNS

Now head over to your DNS host and update your app's CNAME alias to point at the SSL terminator you just created. That's it! Once your new DNS settings propagate, SSL will be enabled for your app.
