Trouble with Google Apps Custom Domain SSL

Question

I'm currently inside the 30-day free trial for Google Apps for business (billing set up, so will start non-free trial soon). I'm attempting to set up SSL for a custom domain for a Google App Engine app, but am a bit of a noob at this stuff and the files I've accumulated aren't accepted by the Apps submission form.

I went through the following process:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

After filling in the cert. request information (with name www.mydomain.com), I had the two files CSR.csr and privateKey.key.

I used an SSL provider CheapSSLs.com to provide me with a certificate off this CSR.csr, and they've responded with a cert www_mydomain_com.crt.

However, on going through Google Apps Dashboard -> Security -> SSL for Custom Domains and uploading www_mydomain_com.crt and privateKey.key I'm given the error:

Both the private key and SSL certificate should be in unencrypted PEM format.

Any help? As far as I can tell, they are in that format: the private Key looks like:

-----BEGIN PRIVATE KEY-----
MIIEv...
...
...CftTU=
-----END PRIVATE KEY-----

and the .crt file looks like:

-----BEGIN CERTIFICATE----- 
MIIFy...
...
...WJjk= 
-----END CERTIFICATE-----

Answer 1

This was answered by a friendly member of the community and then immediately deleted (not sure why...) but not before I spotted his answer and used it, to great effect :)

openssl rsa -in privateKey.key -text > private.pem
openssl x509 -inform PEM -in www_mydomain_com.crt > public.pem

The above two commands produce private.pem and public.pem, which are accepted fine by Google Apps dashboard.

Thank you!

Answer 2

For me, it was because my private.key was in the wrong format.

If your key starts with ---BEGIN PRIVATE KEY--- then you need to convert it to an RSA key.

openssl rsa -in private.key -out private_rsa.key

Then you should see ---BEGIN RSA PRIVATE KEY--- at the beginning of the private_rsa.key which you use with GAE.