Extended Validation SSL Certificates on Heroku

Heroku is now using Extended Validation SSL Certificates for most of our Heroku-owned applications. This allows you to tell at a glance if an URL belongs to Heroku itself, or is merely hosted on us.

Fancy Pants cert in action


Applications in our legacy “Bamboo” stack are hosted under the heroku.com DNS domain, which has historically made it difficult for people to differentiate between Heroku-owned apps (e.g., id.heroku.com, dashboard.heroku.com) and customer applications. We believe the extra UI indication will prove useful in solving this problem.

For more information, see "EV SSL Certificates and Heroku-owned Applications" on Heroku Dev Center.

-Tom Maher
Heroku Security Team

More from the author

Browse the archives for news or all blogs Subscribe to the RSS feed for news or all blogs.