BrandSSL

This add-on is operated by BrandSSL

On demand SSL Management solution for SaaS

BrandSSL

Last updated April 07, 2022

The BrandSSL add-on is currently in beta.

The BrandSSL add-on provides on-demand SSL management for SaaS applications. It manages the entire SSL lifecycle for a domain name, from private key creation and protection to domain validation, issuance, and reissue.

BrandSSL provides the following features:

  • An Anycast IP Address, that automatically route through the nearest region so that any domain can connect with reduced latency
  • Custom headers and metadata
  • URL Rewrites
  • API Access

Provisioning the Add-on

BrandSSL can be attached to a Heroku application via the CLI:

A list of all plans available can be found here

$ heroku addons:create brandssl
-----> Adding brandssl to sharp-mountain-4005... done, v18 (free)

Connecting to the BrandSSL Dashboard

Configure your application endpoint and CNAME from the BrandSSL dashboard. Access the dashboard via the CLI:

$ heroku addons:open brandssl
-----> Opening brandssl for sharp-mountain-4005

You can also visit the Heroku Dashboard, select your application, and then select BrandSSL from the addon list.

Configuring Application Endpoint and CNAME

From the BrandSSL dashboard, specify your application endpoint (the address of your web server) and a domain (CNAME) name.

Managing Domains

Manage domains from the BrandSSL dashboard. You can verify whether a domain is secured or unsecured. You can also disable custom domains you don’t want to secure.

On-Demand SSL

BrandSSL supports “on demand” and “API call” SSL certificate provisioning. With On demand provisioning, domain names pointed at your provided BrandSSL CNAME record is automatically secured. “API Call” provisioning requires you to send a post request with your API key to the BrandSSL server. On demand provisioning is the default.

Configuring URL Rewrite

Use the URL Rewrite feature to add a prefix or suffix to your application endpoint.

Examples:

  • Adding a prefix (“/static”) to the endpoint: /static{path} rewrites as /static/{user_path}
  • Adding a suffix (“/deploy”) to the endpoint: {path}/deploy rewrites as /{user_path}/deploy
  • Adding both a prefix (“/static”) and a suffix (“/deploy”) to the endpoint: /static{path}/deploy rewrites as /static/{user_path}/deploy.

Certificate Authority

Select a default issuer and manage your Certificate Authority account from the Settings page.

Configuring Cloudflare

BrandSSL works with Cloudflare in “Proxied” or “DNS only” modes.

You must provide a Cloudflare API token if you’re running BrandSSL behind the Cloudflare proxy.

Migrating Between Plans

Use the heroku add-ons:upgrade command to migrate to a new plan.

$ heroku add-ons:upgrade brandssl:newplan
-----> Upgrading brandssl:newplan to sharp-mountain-4005... done, v18 ($35/mo)
       Your plan has been updated to: brandssl:newplan

Removing the Add-on

You can remove Easy File Upload via the CLI:

This destroys all associated data and can’t be undone!

$ heroku add-ons:destroy brandssl
-----> Removing brandssl from sharp-mountain-4005... done, v18(free)

Support

All BrandSSL support and runtime issues should be submitted via one of the Heroku Support channels. Any non-support related issues or product feedback is welcome at sales@brandssl.io.

Feedback

Log in to submit feedback.

Heroku logo

Heroku Update
Starting November 28th, 2022, free Heroku Dynos, free Heroku Postgres, and free Heroku Data for Redis® will no longer be available.

If you have apps using any of these resources, you must upgrade to paid plans by this date to ensure your apps continue to run and to retain your data. For students, we will announce a new program by the end of September.

Learn More