Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to set the intermediate certificates on GAE?

Tags:

ssl

firefox

google-app-engine

I had bought a SSL certification for my custom domain and set up to my GAE project. It worked fine with most browsers until the new Firefox version comes out. Firefox denied my SSL certification. I had used the SSL Checker, it gave me the feedback.

"The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GoDaddy's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates."

I had tried to google how to set the intermediate certificates, but nothing found. Did anyone encounter the same trouble and know to solve it?

like image 524
Theon Lin Avatar asked Jul 19 '13 12:07

Theon Lin

2 Answers

It looks like these directions will help you out. They are for a different CA, but the logic should be the same.

Because Google App Engine does not have a separate option to upload an Intermediate Certificate, you have to include this certificate in the public key file. You can do this by opening the certificate for your website and the Intermediate Certificates from GlobalSign in a plain text editor and simply copy and paste all the content from the Intermediate Certificate at the end of the file of the webserver certificate that was issued by GlobalSign.

The Google AppEngine Docs say that this is the correct thing to do, but they don't go into the same level of detail as the other link.

If the host certificate requires an intermediate or chained certificate (as many Certificate Authorities (CAs) issue), you will need to append the intermediate or chained certificates to the end of the public certificate file.

like image 61
Robert Parker Avatar answered Sep 20 '22 10:09

Robert Parker

If you landed here from a google search while trying to setup your GoDaddy cert on AppEngine and having an issue with Android on GoDaddy's intermediate cert chains, I figured out the solution and documented here: http://www.blainegarrett.com/2017/06/26/how-to-get-appengine-godaddy-android-to-actually-work/

Long story short, you must PEM format the individual .crt files from GoDaddy prior to concating the certs as described in the AppEngine Docs. I pulled my hair out trying to get my site working on Android over SSL.

like image 21
Blaine Garrett Avatar answered Sep 20 '22 10:09

Blaine Garrett
Sign in to Comment

Related questions

Single Sign-On with Google Apps + App Engine
Task queue works from view, but UnknownQueueError when run from unit tests
What's the difference between Google Cloud SDK and App Engine SDK
What is the maximum memory a Google App Engine app may consume?
Facebook, Django, and Google App Engine
Caching & GZip on GAE (Community Wiki)
Is it possible to determine with NDB if model is persistent in the datastore or not?
AppEngine: warning during python app update
What is the correct way to get the previous page of results given an NDB cursor?
Google App Engine timeout: The datastore operation timed out, or the data was temporarily unavailable
Is Memcache (Java) for Google App Engine a global cache?
Should I use google-app-engine-django or app-engine-patch or neither or something else?
Heroku - Spin Up
Set up TLS proxy for Google Cloud Endpoint APIs
How to enable {% trans %} tag for jinja templates?
How to implement a custom 404 error page on App Engine, Java?
Filtering by entity key name in Google App Engine on Python
How to use unicode characters with PIL?
Google App Engine Large File Upload
Difference between self.response.write and self.response.out.write in google app engine

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!