How do I verify my SNI certificate is setup correctly?

Issue

You want to verify your SNI certificate is setup correctly before switching your DNS over.

Resolution

You'll use cURL to do this, and the --resolve attribute is important for this. From the cURL man page

--resolve host:port:address

Provide a custom address for a specific host and port pair. Using this, you can make the curl requests(s) use a specified address and >prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line. The >port number should be the number used for the specific protocol the host will be used for. It means you need several entries if you want to >provide address for the same host but different ports.

The provided address set by this option will be used even if -4, --ipv4 or -6, --ipv6 is set to make curl use another IP version.

This option can be used many times to add many host names to resolve.

so to test www.foodblog.org with a stable-cname of www.foodbloc.org.herokudns.com you would do:

$ curl --verbose "Host: www.foodbloc.org" https://www.foodbloc.org --resolve www.foodbloc.org:443:`dig www.foodbloc.org.herokudns.com +short | head -n1`

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support