

Cheap and easy SSL: Heroku + Cloudflare - impactdialing
http://www.impactdialing.com/2012/01/cheap-and-easy-ssl-heroku-cloudflare/

======
steveh73
Wait, what? Pay Cloudflare $20 a month to avoid a $100/year SSL certificate?

~~~
vailripper
In their defense, you're also getting all the other features that cloudflare
offers.

------
silverlight
Keep in mind that you have to pay $20 / month to get host name SSL on Heroku
even with your own cert, so from that standpoint this is a "good deal".
However, one problem I've noticed with this approach is that in the cert
Cloudflare uses you can see the 10 or do other domains that share the cert.
I'm sure the average customer won't check, but having my cert also be valid
for "cheaptoys.com" just felt wrong. Also, doesn't this mean the data is being
unencrypted by CF then rencrypted and sent to Heroku? So CF can potentially
see the contents of the transmission?

~~~
JoachimSchipper
Yes, this allows CloudFlare to man-in-the-middle your SSL connection. Of
course, that's exactly what it's designed to do.

------
overshard
This isn't cheap, it is easy though. SSL certs now days can be found for free
from StartSSL and for around 10 bucks a year on places like Namecheap.

------
Johnyma22
20$ a month is not cheap for SSL

------
Narkov
I'm not sure whether I'm missing something but how can Cloudflare get a
certificate issued with my domain?

What stops them from getting a cert for google.com or paypal.com?

~~~
tgriesser
I believe it's because cloudflare also acts as the root DNS for the domain, so
in order for it to work for google and facebook, they would have to
deliberately point their nameservers at cloudflare's DNS.

------
impactdialing
I should clarify - it's cheaper than a wildcard cert. It also makes it really
easy for us to get private label resellers up and running.

------
joeya
This is also interesting for sites which can't acquire their own certificates
(i.e., anything at .cu, .ir, .kp, .sd, and .sy).

