Using SSL Cert for ngrok dev environment

Question

I am working to setup my application to watch calendar events through Google's Calendar API. In doing so I must setup a "Push" endpoint on my server that has a valid SSL certificate (not self-signed).

My production environment is running on Heroku so setting up an SSL cert was easy using Expidited SSL. I have two CNames setup in GoDaddy, one for my production application and one for my development environment tunneled through ngrok. I'm using the paid ngrok feature of white labeled domain tunneling (dev.mydomain.com).

Host           Points To

www            saga-1234.herokussl.com
dev            ngrok.com

The problem is that my ssl certificate is recognized when you hit the production application (www.mydomain.com), but it uses ngrok's certificate when you visit the development application (dev.mydomain.com).

enter image description here

How can I setup my ngrok tunnel to use my ssl certificate?

I've looked into creating a wildcard SSL cert but am not sure if that will cover my dev subdomain or just subdomain on heroku — Jeff Miller, May 25 '14 at 05:46
Just curious, shouldn't the entry in `CNAME` be something like `dev mydev_mydomain.ngrok.com`? — Anshul Goyal, Nov 15 '14 at 10:28
Tunnels on custom domains (white label URLs) is a paid feature of ngrok. — Arihant Godha, Nov 21 '14 at 06:08

score 12 · Answer 1 · answered Nov 19 '14 at 18:16

Ngrok's white labeled domain does not support HTTPS if you are using your own domain. Simply because it serves it's own certificate, where you need to serve your domain's. That's why you are getting certificate mismatch issue.

Here's what you could do to watch calendar events on your dev machine:

Point ngrok.mydomain.com to another server, let's say a new EC2 micro instance
Point wildcard CNAME to ngrok.mydomain.com
Compile ngrok server and client to use your certificate (rather than ngrok.com)
Run the ngroku-server on EC2 instance
On your dev machine config the client to use ngrok.mydomain.com instead of ngroku.com
Run ngrok -subdomain=dev 80

Your local dev machine's 80 port should be accessible via https://dev.mydomain.com

This is really cool and is very helpful when debugging Google's webhooks, which require valid HTTPS and a verified root domain name.

Another interesting trick is to use CloudFlare's universal SSL to have a valid https://dev-machine.mydomain.com pointing to your dev machine without purchasing a certificate. The steps are exactly the same except that you need to issue your own certificate for ngrok client-server communications and use CloudFlare's Flex SSL for dev-machine.yourdomain.com.

Wow! This is a great lead, thank you! I'll need to give this a try and check back in. — Jeff Miller, Nov 20 '14 at 05:47

score 1 · Answer 2 · answered Apr 12 '16 at 22:29

ngrok has a new feature that tunnels and terminates SSL. Thus you can use your own domain and HTTPS. No need to open ports in your router or PC. They call it TLS Tunneling. The following is a link to a GitHub repos that describes how to do it.

How to use your own domain to access your home PC over the internet. Use HTTPS without raising SSL errors.

Using SSL Cert for ngrok dev environment

2 Answers2