Note: If you are a user of VM (virtual machine) instances, please refer to these SSL installation instructions. You may also want to consult the α―αααΆαααααΌαααΆα for VM instances for further information.
How to Install SSL Certificate on Google App Engine
To install an SSL certificate for Google App Engine, you need to meet the following requirements:
- have a registered domain name that will be used for the web application
- point the domain name to your App Engine Web Application. The instructions on the matter can be found in the Adding a custom domain for your application ααααααα this article from Google
- obtain SSL certificate files from the Certificate Authority
- locate the Private Key created during the ααααΆαα CSR
ααα αΆαααΈ 1
Once a ZIP archive with the certificate files is received via email or ααΆαααααΈααααΈ 1Byte ααααα’ααα, you can proceed with the installation as follows:
- Log into your Google Cloud account at https://cloud.google.com/
- ααααΈααΆαα ααα·ααα αα·αααααΆαααα >> αααΆαααΈααααααα·ααΈ:
β From the App Engine menu, go to ααΆαααααα >> αα·ααααΆαααααα SSL:
ααα αΆαααΈ 2
αα βααΎ αα·ααααΆαααααα SSL α’αααααα, α α»α Upload a new certificate β you will see Add a new SSL certificate αααα’α½α :
At this step, it is necessary to locate the certificate files and the Private Key code which were generated along with the CSR.
There are two ways to proceed with it: copy/paste the codes or upload the files containing the code. We will describe both methods below.
File uploading.
It is necessary to prepare the files before uploading them. The certificate file (yourdomain.crt) should be concatenated (combined) with the corresponding CA-bundle file (yourdomain.ca-bundle file with the Intermediate and Root certificates from the Certificate Authority). This can be done by inserting the content of yourdomain.ca-bundle below the certificate code in yourdomain.crt file. Simply paste the whole code from the CA-bundle file right after the ββEND CERTIFICATEββ tag in the yourdomain.crt file. The created file should look as follows:
ββα
αΆααααααΎααα·ααααΆααααααββ
β¦(yourdomain.crt code here)
ββ αααα
ααβαα·ααααΆααααααββ
ββα
αΆααααααΎααα·ααααΆααααααββ
β¦(Intermediate certificate code)
ββ αααα
ααβαα·ααααΆααααααββ
ββα
αΆααααααΎααα·ααααΆααααααββ
β¦(Additional intermediate certificate code)
ββ αααα
ααβαα·ααααΆααααααββ
The certificate file is ready to be uploaded now. One more step is to save your Private Key code (from ββBEGIN RSA PRIVATE KEYββ to END RSA PRIVATE KEYββ) to a TXT file (for example, mykey.txt). Once you have two files, the concatenated yourdomain.crt and mykey.txt, click on the βBrowseβ button and upload them accordingly.
α αααΆα: If you receive βThe private key youβve selected does not appear to be validβ error, the Private Key you have might be missing βRSAβ keyword in ββBEGIN RSA PRIVATE KEYββ and ββEND RSA PRIVATE KEYββ tags. Simply add βRSAβ to your ββBEGIN PRIVATE KEYββ and ββEND PRIVATE KEYββ tags to proceed.
Copy/paste the codes.
Certificate/Private Key codes can be pasted directly into the corresponding boxes. However, PEM encoded X.509 public key certificate field should be filled out with the full certificate chain: certificate for your αααααααα ααΆααααΆαα, Intermediate and Root certificates. The code from yourdomain.crt should be pasted first, and the code from the yourdomain.ca-bundle file should be pasted below into the same box. The Private Key code you have is to be pasted into Unencrypted PEM encoded RSA private key αααα’ααα
When the Certificate and Private Key are in place, hit Upload to complete the installation. You will see the page containing SSL installation details. It is necessary to choose the domains you wish to secure under Enable SSL for the following custom domains:
ααααα½α ααΆααααΌαα α»α αααααΆαα»αβ (Save) αα ααΆαααΎαα ααΆαααααα screen. Thatβs it!
You can check the SSL installation using our online tool: https://ssl-checker.1byte.com/.