How to Install SSL Certificate on Google App Engine (GAE)

How to Install SSL Certificate on Google App Engine?

(1 votes, average: 5.00 out of 5)

Easy Steps to Install SSL Certificate on Google App Engine – GAE

For developers, Google App Engine (GAE) is a blessing because it allows them to concentrate on creating outstanding apps rather than worrying about server management. The question is, though, how secure are apps? But from a security perspective, an SSL Certificate can be crucial in ensuring that all private data is shielded from prying eyes.

Today, let’s learn how to install SSL on GAE in some easy steps.

Before we begin with the SSL installation, it is important to generate Certificate Signing Requests.

Step 1: Generate a Certificate Signing Request (CSR)

The initial step towards installing an SSL certificate on a website or an application is generating a CSR. You can use a CSR generator tool for that. You will receive a CSR and a private key upon completing the CSR generation. Always remember to store the private key in a secure location.

Use our Step by Step guide to Generate CSR in Google App Engine.

Step 2: Download and Extract the Certificate Files

You receive an email from CA (Certificate Authority) after you have passed your domain/organization verification process successfully. These files may be compressed in .zip format. You have to extract it to the server directory. Make sure the SSL is configured for custom domains. It can be done by using your Google Apps account.

Step 3: Convert the Certificate to .pem Format

The next step is to convert the certificate into .pem format. For that, you can either use the automated SSL converter tool or open a text editor & copy all the details of certificate details in a specific order like this

Primary certificate: domain_name.crt

Intermediate certificate: certificate_provider.crt

—–BEGIN CERTIFICATE—–

Your Primary SSL certificate: domain_name.crt

—–END CERTIFICATE—–

—–BEGIN CERTIFICATE—–

Your Intermediate certificate: certificate_provider.crt

—–END CERTIFICATE—–

Note: Always keep the “BEGIN CERTIFICATE” and “END CERTIFICATE” marks as they recognize and validate the certificate. If you don’t include them, it may result in SSL errors or warnings.qa

The last step for this would be saving the file in the .pem format.

Step-4: Activate the SSL Certificate for Custom Domain

Log in to the Google Apps Account you have. In case you have already added your app to Google apps, you can skip the next three steps.
The next three steps are for users who haven’t added their app to Google Apps.
Navigate to More Controls. From there, click on App Engine apps and then add Service.
Here you have to fill in your application ID and press the Add it now button.
You will be asked to accept the terms and conditions.
Click on Activate and proceed.

Proceed from here in case your app is already in Google apps.

Connect your app with Google Apps and map it with a subdomain.

Your app’s URL will appear.
Now you can click on the Add new URL button if you want the Google Apps account’s primary domain to have its access.

The next step is to activate your SSL. For that, you must press Enable SSL for App Engine Applications and go to Security & to Advanced Settings > Show More > SSL for Custom Domains.
Here you must fill in your application ID.
Upon doing that, your SSL certificate will be activated.
Enter your application ID to activate your SSL.

After you have successfully activated the SSL certificate for a custom domain, the next step is redirection to the application’s App Engine Console.

Step-5: Upload your Certificate

To upload your certificate, you must log into the Google Admin console.
From there, navigate to the Security tab and select Advanced Settings.
If you want to see more options, click on Show More
Next, click on SSL for custom domains and select Configure SSL Certificates. It will take you to the SSL configuration page.
Once on the SSL configuration page, click the Upload a New Certificate button. This will allow you to upload your SSL certificate to your Google App Engine.

Steps to Upload the Certificate

Locate the PEM encoded X.509 certificate section and click the Choose File button to select the domain_name.pem certificate file.

In the unencrypted PEM encoded RSA private key section, click Choose File. Here you have to opt for the domain_name.key private key file. (The private key is the one that you received during the CSR generation process.)
Once you have selected both the certificate and private key files, click the Upload button to complete the process.

After uploading the certificate, you can activate SSL for your custom domain on Google App Engine.

Step- 6: Configure your Certificate

Select the Serving mode option on the configuration page to configure the SSL certificate after uploading the certificate and key files.

The serving mode options available are “Not Serving,” “SNI (Server Name Indication),” and “SNI + VIP:<a VIP number>.”

Choose the serving mode that matches your server type.
Once you have selected the serving mode, you can assign matching URLs by either selecting each matching URL from the drop-down box and clicking the Add button or by adding multiple matching URLs. It can be done by clicking on Assign all matching URLs.

You can always refer to the Google App Engine’s custom domain guideline if you don’t have any URLs to assign. To change the URL’s CNAME details, you can contact your DNS service provider.

After assigning the matching URLs, click on the Save button.
It will complete the SSL configuration.
Your SSL certificate is uploaded and configured successfully.

That’s it! You have successfully installed an SSL certificate on Google App Engine. To check any possible errors, you can always use SSL check tool available online.