SSL is automatically enabled on all apps with the AppFog-specific subdomain names, i.e. domain names that end in the following:
Note: While CLC (CenturyLink Cloud) data centers have SSL endpoints, AppFog v1 doesn't have the ability to use them. AppFog v2 will have that functionality.
Note: SSL for custom domain names is currently only available for:
- Apps deployed onto the Amazon AWS infrastructures
The following plans:
- Developer: 1 SSL Endpoint
- Silver: 2 SSL Endpoints
- Gold: 4 SSL Endpoints
- Platinum: 8 SSL Endpoints
Setting up SSL on your Custom Domain
Adding SSL to your custom domain is simple. First, make sure you have the following:
- Your RSA private key
- Your SSL certificate
- Intermediate certificate from the Certificate Authority (of the same Class as your SSL certificate, if applicable)
Get an SSL Certificate
If you already have a certificate, skip down to the next section on installation.
To get an SSL certificate from a Certificate Authority, you'll first need to generate an RSA private key and a Certificate Signing Request (CSR).
Generate a private key
You can use the openssl toolkit to generate an RSA private key and a CSR:
$ openssl genrsa -des3 -out server.key 2048
Note: the strength of your key is up to you (although some Certificate Authorities require a minimum key length). This command creates a 2048-bit key; other values can be used. Refer to the OpenSSL documentation for more on this.
You'll have to use a passphrase when you generate the key, but we'll remove it later.
Generate a CSR
You can now use the private key you just made to generate a CSR:
$ openssl req -new -key server.key -out server.csr
Get a certificate from a Certificate Authority
You can now send your CSR (the server.csr file) to a Certificate Authority, which they'll use to generate your certificate. Once you have that, you're ready to set up SSL for your AppFog app.
Install your private key and SSL certificate
If your private key is password-protected, you'll have to remove the password first:
$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
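Before uploading, it is worth confirming that the decrypted key, the certificate and the intermediate actually belong together. The script below is an added example, not AppFog's own tooling; `check_upload` and its return codes are names chosen here, and the file names follow the commands above.

```sh
#!/bin/sh
# Added example: pre-upload checks for server.key, server.crt and the
# optional intermediate certificate. check_upload and its return codes
# are this example's own names, not AppFog's.

# Usage: check_upload KEY CERT [INTERMEDIATE]
# Returns 0 = ready, 1 = key/cert mismatch, 2 = key still encrypted or
# unreadable, 3 = certificate unreadable, 4 = intermediate did not issue CERT.
check_upload() {
    key=$1 crt=$2 chain=${3:-}

    # Both PEM encodings of a passphrase-protected key carry the word
    # ENCRYPTED in their header, so this never triggers a passphrase prompt.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "key is still passphrase-protected" >&2; return 2
    fi

    # Compare the public key derived from the private key with the one
    # embedded in the certificate; they must be identical.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key" >&2; return 2; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate" >&2; return 3; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate was not issued for this key" >&2; return 1
    fi

    # -partial_chain lets the intermediate act as the trust anchor, so this
    # checks only that it signed the certificate (not the path to a root).
    if [ -n "$chain" ]; then
        openssl verify -partial_chain -CAfile "$chain" "$crt" >/dev/null 2>&1 || {
            echo "intermediate did not issue this certificate" >&2; return 4; }
    fi
    echo "ready to upload"
}

# Run against files named on the command line, e.g.
#   sh check_upload.sh server.key server.crt intermediate.crt
if [ "$#" -ge 2 ]; then check_upload "$@"; fi
```

Because the decrypted `server.key` has no passphrase, restrict its file permissions (for example `chmod 600 server.key`) while it sits on disk.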
Upload Certificate Data
Now you're ready to head over to the AppFog web console. Click on one of your apps, hit the "SSL" tab on the left, and hit the "Get Started" button.
On the "Upload Certificate Data" screen, click on the "Upload Your Certificate" button and navigate to your certificate file (server.crt if you followed the instructions above). AppFog will validate the certificate and display the certificate details.
Next, click on the "Upload Your Private Key" button and navigate to your (decrypted) private key (server.key if you followed the instructions above). Similar to the certificate, AppFog will verify the key.
Click "Upload Your Optional Intermediate Certificate" and select the intermediate certificate from your CA. Again, AppFog will display information about the intermediate certificate.
You now have an SSL terminator that should look something like:
Change your DNS
Now head over to your DNS host and update your app's CNAME alias to point at the SSL terminator you just created. That's it! Once your new DNS settings propagate, SSL will be enabled for your app.