Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Trouble with Google Apps Custom Domain SSL

I'm currently inside the 30-day free trial for Google Apps for business (billing set up, so will start non-free trial soon). I'm attempting to set up SSL for a custom domain for a Google App Engine app, but am a bit of a noob at this stuff and the files I've accumulated aren't accepted by the Apps submission form.

I went through the following process:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

After filling in the cert. request information (with name www.mydomain.com), I had the two files CSR.csr and privateKey.key.

I used an SSL provider CheapSSLs.com to provide me with a certificate off this CSR.csr, and they've responded with a cert www_mydomain_com.crt.

However, on going through Google Apps Dashboard -> Security -> SSL for Custom Domains and uploading www_mydomain_com.crt and privateKey.key I'm given the error:

Both the private key and SSL certificate should be in unencrypted PEM format.

Any help? As far as I can tell, they are in that format: the private Key looks like:

-----BEGIN PRIVATE KEY-----
MIIEv...
...
...CftTU=
-----END PRIVATE KEY-----

and the .crt file looks like:

-----BEGIN CERTIFICATE----- 
MIIFy...
...
...WJjk= 
-----END CERTIFICATE-----
like image 843
unwitting Avatar asked Jul 10 '13 11:07

unwitting


People also ask

Does Google domain provide SSL certificate?

The following Google services automatically issue, install, and renew SSL/TLS certificates at no additional cost: Google Sites. Google Business Profile.

Do mobile apps need SSL Certificate?

Maybe this is because the browsers in many apps don't include indicators such as HTTPS, padlock, and the green address bar. But it doesn't take away from the fact that having SSL enabled is a must for Apps, be it any platform—Android or iOS.


2 Answers

This was answered by a friendly member of the community and then immediately deleted (not sure why...) but not before I spotted his answer and used it, to great effect :)

openssl rsa -in privateKey.key -text > private.pem
openssl x509 -inform PEM -in www_mydomain_com.crt > public.pem

The above two commands produce private.pem and public.pem, which are accepted fine by Google Apps dashboard.

Thank you!

like image 72
unwitting Avatar answered Oct 21 '22 08:10

unwitting


For me, it was because my private.key was in the wrong format.

If your key starts with ---BEGIN PRIVATE KEY--- then you need to convert it to an RSA key.

openssl rsa -in private.key -out private_rsa.key

Then you should see ---BEGIN RSA PRIVATE KEY--- at the beginning of the private_rsa.key which you use with GAE.

like image 44
Christian Avatar answered Oct 21 '22 07:10

Christian