This add-on is operated by BrandSSL
On demand SSL Management solution for SaaS
Last updated April 07, 2022
The BrandSSL add-on is currently in beta.
Table of Contents
The BrandSSL add-on provides on-demand SSL management for SaaS applications. It manages the entire SSL lifecycle for a domain name, from private key creation and protection to domain validation, issuance, and reissue.
BrandSSL provides the following features:
- An Anycast IP Address, that automatically route through the nearest region so that any domain can connect with reduced latency
- Custom headers and metadata
- URL Rewrites
- API Access
Provisioning the Add-on
BrandSSL can be attached to a Heroku application via the CLI:
A list of all plans available can be found here
$ heroku addons:create brandssl -----> Adding brandssl to sharp-mountain-4005... done, v18 (free)
Connecting to the BrandSSL Dashboard
Configure your application endpoint and CNAME from the BrandSSL dashboard. Access the dashboard via the CLI:
$ heroku addons:open brandssl -----> Opening brandssl for sharp-mountain-4005
You can also visit the Heroku Dashboard, select your application, and then select BrandSSL from the addon list.
Configuring Application Endpoint and CNAME
From the BrandSSL dashboard, specify your application endpoint (the address of your web server) and a domain (CNAME) name.
Manage domains from the BrandSSL dashboard. You can verify whether a domain is secured or unsecured. You can also disable custom domains you don’t want to secure.
BrandSSL supports “on demand” and “API call” SSL certificate provisioning. With On demand provisioning, domain names pointed at your provided BrandSSL CNAME record is automatically secured. “API Call” provisioning requires you to send a post request with your API key to the BrandSSL server. On demand provisioning is the default.
Configuring URL Rewrite
Use the URL Rewrite feature to add a prefix or suffix to your application endpoint.
- Adding a prefix (“/static”) to the endpoint:
- Adding a suffix (“/deploy”) to the endpoint:
- Adding both a prefix (“/static”) and a suffix (“/deploy”) to the endpoint:
Select a default issuer and manage your Certificate Authority account from the Settings page.
BrandSSL works with Cloudflare in “Proxied” or “DNS only” modes.
You must provide a Cloudflare API token if you’re running BrandSSL behind the Cloudflare proxy.
Migrating Between Plans
heroku add-ons:upgrade command to migrate to a new plan.
$ heroku add-ons:upgrade brandssl:newplan -----> Upgrading brandssl:newplan to sharp-mountain-4005... done, v18 ($35/mo) Your plan has been updated to: brandssl:newplan
Removing the Add-on
You can remove Easy File Upload via the CLI:
This destroys all associated data and can’t be undone!
$ heroku add-ons:destroy brandssl -----> Removing brandssl from sharp-mountain-4005... done, v18(free)
All BrandSSL support and runtime issues should be submitted via one of the Heroku Support channels. Any non-support related issues or product feedback is welcome at firstname.lastname@example.org.