Subdomain for SSL on Heroku

Why is it recommended to create an SSL certificate for secure.mydomain.com, rather than www.mydomain.com for use on Heroku? I've read this suggestion in a few blog posts, but the authors didn't elaborate. It seems like using secure.mydomain.com requires 开发者_高级运维some rerouting when switching between SSL and non-SSL requests, and can cause difficulties with sessions.

The restriction is that you can't have their hostname-based SSL on the root domain (mydomain.com); it must be on a subdomain (e.g. www.mydomain.com, secure.mydomain.com). This is because of the way the DNS system works:

Hostname based SSL will not work with root domains as it relies on CNAME aliasing of your custom domain names. CNAME aliasing of root domains is an RFC violation.

Your sessions crossing domains can indeed be a pain. Many people have written about it though: http://www.google.com/search?&q=ssl+on+subdomain+rails

As an alternative, you can use their IP-based SSL offering with root domains, but it's $100/mo.

Have you checked heroku.com documentation. they have a really good one.

check first. http://docs.heroku.com/ssl