How to Generate CSR in Google App Engine?

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 5.00 out of 5)
Generate CSR in Google App Engine

When serving content from an application on Google App Engine, it is highly recommended to serve it over HTTPS to provide security and privacy for users. To serve HTTPS content, your application needs an SSL certificate signed by a trusted certificate authority like Comodo, Sectigo, or Certera.

Google App Engine lets you generate and upload a certificate signing request (CSR) containing your application information. Google then acts as the CA and signs that CSR to issue you a certificate which provides a simple and automated way to obtain an SSL certificate for your App Engine application.

Cheap SSL Certificates

Generating and using your CSR, rather than accepting a default certificate from Google, has several advantages. First, the certificate will contain the exact information you specify, like your domain name and organization details.

It ensures the certificate accurately represents your application. Second, using your own CSR gives you full control over the private key that is associated with the certificate; it is used to prove your right to the certificate, so generating and keeping control of the private key yourself is more secure.

Finally, by uploading a CSR to Google, you bind that certificate to your App Engine application, which provides an easy way to manage SSL certificates for your applications rather than sharing a default Google certificate across all projects.

Step-by-Step Process to Generate CSR in Google App Engine

  • Create an RSA private key. You can use the following command in OpenSSL:
openssl genrsa -out mykey.pem 2048

It will generate a 2048-bit RSA private key named as mykey.pem.

  • Create a certificate signing request (CSR) from the private key using the following command:
openssl req -new -key mykey.pem -out mycsr.csr

You will be prompted for information like country code, state, organization name, etc. This provides information for the certificate.

  • Upload the CSR to Google App Engine. You’ll need to put the CSR in a file and upload that file to your App Engine project.
  • In the Google Cloud Console for your App Engine project, go to “API services” > “Credentials”.
  • Click “Create Credentials” > “HTTPS/SSL” and select “Upload custom certificate/CSR”.
  • Upload the CSR file that you created.
  • Google will verify the CSR and sign it with one of its own certificates. They will then issue you a signed certificate you can download and use with your App Engine app.
  • Download the signed certificate from Google and provide it to your App Engine app. The certificate will allow your App Engine app to serve content over HTTPS.
  • Perform these steps to Install SSL Certificate on Google App Engine.