
Creating SSL Certs For Google App Engine Using ZeroSSL And Let's Encrypt

I'm trying to install SSL certificates created using the ZeroSSL.com page for Let's Encrypt into the Google Cloud Platform. I followed the FREE SSL Certificate Wizard to do so. The ZeroSSL page generates four files in the process: domain-crt.txt, domain-key.txt, account-key.txt and domain-csr.txt.

The Google Cloud Platform asks for two files: a PEM encoded X.509 public key certificate and an unencrypted PEM encoded RSA private key.

I've tried all the combinations and followed all the suggestions I could find on the web, but I had no success.

ernesto asked Sep 22 '16 19:09



1 Answer

I asked the ZeroSSL people about this, and Alexander answered with the solution.

SSL Certificate Wizard generates a longer, more secure 4096-bit key by default, but Google only accepts 2048-bit keys. So you should generate the new CSR separately first by using the CSR Generator at https://zerossl.com/free-ssl/#csr and making sure you select 2048 bits. Then download the produced key and CSR (please note that this is the domain key, not the LE key), and then use the same LE key as you used originally and this new CSR with the SSL Certificate Wizard. At the last Wizard step, you might need to split the domain-crt.txt file in two. The first part, between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, will go into the "Public key certificate" field. Finally, the content of domain-key.txt should be pasted into the "Private key" field.

ernesto answered Sep 30 '22 11:09
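A pre-upload check for the procedure in the answer above, as an added example that is not part of the original post or ZeroSSL's tooling: it keeps only the first certificate from domain-crt.txt and confirms the private key is unencrypted and 2048-bit. The function names are hypothetical; it assumes an RSA key in PKCS#1 or PKCS#8 PEM form and does not verify that the key matches the certificate.

```python
import base64
import re
import sys

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def split_cert_bundle(text):
    """Return (first certificate, remaining certificates) from a PEM bundle."""
    certs = [m.group(0) + "\n" for m in PEM_BLOCK.finditer(text)
             if m.group(1) == "CERTIFICATE"]
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return certs[0], "".join(certs[1:])

def read_tlv(der, pos):
    """Read one DER tag-length-value; return (tag, value, next position)."""
    tag, length = der[pos], der[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    return tag, der[pos:pos + length], pos + length

def rsa_key_bits(key_text):
    """Modulus size in bits of an unencrypted PEM RSA private key.
    Assumes an RSA key (PKCS#1 or PKCS#8); the algorithm OID is not checked."""
    m = PEM_BLOCK.search(key_text)
    if not m or not m.group(1).endswith("PRIVATE KEY"):
        raise ValueError("no private key PEM block found")
    if m.group(1).startswith("ENCRYPTED") or "Proc-Type:" in m.group(2):
        raise ValueError("private key is encrypted")
    seq = read_tlv(base64.b64decode(m.group(2)), 0)[1]  # outer SEQUENCE
    pos = read_tlv(seq, 0)[2]                           # skip version INTEGER
    tag, value, pos = read_tlv(seq, pos)
    if tag == 0x30:  # PKCS#8: skip AlgorithmIdentifier, open the OCTET STRING
        seq = read_tlv(read_tlv(seq, pos)[1], 0)[1]
        tag, value, pos = read_tlv(seq, read_tlv(seq, 0)[2])
    return int.from_bytes(value, "big").bit_length()

def check_for_upload(crt_text, key_text, required_bits=2048):
    """Return (certificate field, private key field) or raise ValueError."""
    leaf, _rest = split_cert_bundle(crt_text)
    bits = rsa_key_bits(key_text)
    if bits != required_bits:
        raise ValueError(f"key is {bits} bits, need {required_bits}")
    return leaf, key_text

if __name__ == "__main__":  # usage: script.py domain-crt.txt domain-key.txt
    crt, key = (open(p).read() for p in sys.argv[1:3])
    print(check_for_upload(crt, key)[0], end="")
```

Run it with the two file paths as arguments; it prints the text for the "Public key certificate" field, or stops with an error naming the key size.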