2

I uploaded my Rails application to Heroku, bought a domain name mysite.com on Site5 and pointed it to my Heroku application URL. I can normally access my site on Heroku when I type www.mysite.com and everything works.

The problem is that before my site opens, I receive a warning that the certificate for this website is invalid and that some other site is pretending to be my site. This looks bad if a customer comes to my site and sees that warning and needs to accept their information "will be at risk". How can I avoid this message?

Here is the screenshot how it looks in Safari:

enter image description here

4

1 回答 1

0

Heroku 提供了一个通配符 SSL 证书,涵盖所有 herokuapp.com 子域。当然,这只有在通过其 herokuapp.com 子域访问您的应用程序时才有效。

如果您的自定义域需要 SSL,则需要为该域获取自己的证书并支付 Heroku(20 美元/月)以将该证书用于您的应用程序。

如果您不需要 SSL,请验证您的代码没有将 HTTP 重定向到 HTTPS 请求。这不是 Heroku 通常自己做的事情。任何强制安全传输很可能来自您的应用程序。

请参阅 Heroku KB:SSL 端点

于 2013-11-14T16:32:59.100 回答