(2 votes, average: 5.00 out of 5)
When serving content from an application on Google App Engine, it is highly recommended to serve that content over HTTPS to provide security and privacy for users. And to serve HTTPS content, your application needs an SSL certificate signed by a trusted certificate authority like Comodo, Sectigo, or Certera. Google App Engine lets you generate and upload a certificate signing request (CSR) containing your application information. Google then acts as the CA and signs that CSR to issue you a certificate which provides a simple and automated way to obtain an SSL certificate for your App Engine application.
Generating and using your own CSR, rather than accepting a default certificate from Google, has several advantages. First, the certificate will contain the exact information you specify, like your domain name and organization details. It ensures the certificate accurately represents your application. Second, using your own CSR gives you full control over the private key that is associated with the certificate; it is used to prove your right to the certificate, so generating and keeping control of the private key yourself is more secure.
Finally, by uploading a CSR to Google, you bind that certificate to your App Engine application which provides an easy way to manage SSL certificates for your individual applications rather than sharing a default Google certificate across all projects.
openssl genrsa -out mykey.pem 2048
It will generate a 2048-bit RSA private key named as mykey.pem.
openssl req -new -key mykey.pem -out mycsr.csr
You will be prompted for information like country code, state, organization name, etc. This provides information for the certificate.