Being a PAAS (Platform as a Service) cloud platform, GAE (Google App Engine) allows to build and host web applications using Google data centers. You can run applications across multiple servers. Initially, it is free service for limit usage but if you want extra storage then you need to pay the amount. GAE works on Python, Ruby, Java, Go and PHP. As GAE manages to host web applications, there must be tight security named SSL certificate for it to secure against intruders. But make sure to use the following certificates that are supported by Google App Engine:
- Single Domain SSL
- Self-signed Certificate
- Wildcard SSL certificate
- Multi Domain (SAN) SSL certificate
Now let’s look at below listed steps to install SSL certificate on Google App Engine:
Generating a CSR (code signing request) and Saving The Certificate Files
- You need to start here before commencing the installation process. After a successful generation of CSR, you will receive your private key. You can generate CSR from here.
- After the validating process, the Certificate Authority (CA) will email you a certificate file at registered email address. It is necessary to note that this certificate comes in a zipped file that requires you to extract it to your server’s directory, where you will be storing your certificate files.
- You also need to take note of the fact that you need to configure your SSL for custom domains using your Google Applications account. This step will help you to display your GAE Application with HTTP and HTTPS.
Convert The Certificate to .pem Format
- Next step is to copy and paste the contents of Primary Certificate & Intermediate Certificate in text editor.
- Add the ‘BEGIN CERTIFICATE‘ and ‘END CERTIFICATE‘ commands with five dashes on each side for each certificate. At the end, you will see something like this:
-----Begin Certificate----- (Your Primary SSL certificate: domain_name.crt) -----End Certificate----- -----Begin Certificate----- (Your Intermediate certificate: certificate_provider.crt) -----End Certificate-----
- Don’t forget to save text editor file with .pem extension.
Activating The SSL Certificate for Custom Domain
- Do log in to Google Apps Account.
- Add your application as a service in Google Apps, then click on More Controls > App Engine Apps > Add Service. In this location, you are supposed to enter your app ID and then click on the Add it now button and after accepting the terms of agreement click the ‘Activate button‘.
Note: Ignore above two steps if your application has already added to the Google App.
- Next, you need to connect the Application to the Google App and map it with sub domain. This connection will help web users to access your application URL as App-ID.appspot.com. But for those who want to allow access to the primary domain using Google App Account, you can click on the ‘Add New URL‘ button and enter a sub-domain URL , for instance, www.yourdomain.com
- After following above steps properly, you are now eligible to activate your SSL by clicking on Security > Advance Settings > Show More > SSL for Custom Domains and then entering the app-ID.
- Last steps is to click on Enable SSL for App Engine Applications.
Uploading The SSL Certificate
- To upload your certificate, you need to sign in to your Google Admin Console.
- Go to Security > Advanced Settings > Show More (optional) > SSL for Custom Domain
- Choose Configure SSL Certificates.
- Next, click on Upload a New Certificate, it will redirect you to the SSL Configuration page.
- Now upload the .pem formatted certificate file under the PEM-encoded X.509 Certificate.
- Upload the private key (in .key format) file under Unencrypted PEM encoded RSA private key which you have received with CSR generation process.
- After selecting the Public SSL Certificate and Private Key, you need to click on the Upload button.
Configuring The SSL Certificate
- Upon the completion of the uploading process, the next step is selection of the right serving mode.
- Depending on the kind of server you have, you need to select one of the three options. These options are:
- Not Serving
- SNI (Server Name Indication)
- SNI + VIP:.**VIP = Virtual IP**
- Next, you need to match the matching URLs. To do this, you can select from the drop-down menu or by adding several URLs by selecting the Assign all Matching URLs option.
- During the configuring process, you need to alter the CNAME details of the URL, which requires you to contact your SSL service provider.
- To complete the configuration process successfully, you need to click on the Save button to save your changes.
By performing these simple steps carefully, you will have uploaded and configured your SSL certificate.