Steps to Install SSL Certificate on Google App Engine (GAE)
Before you start SSL certificate installation on GAE, please make sure following processes have been completed.
- Buy/renew SSL Certificate
- Generate CSR with SHA-2 algorithm
- Save the CSR & Private key file on your server
- Apply for SSL Certificate Issuance
- Submit SSL issuance Documents required by your certificate authority (For OV & EV SSL)
Step 1: Save the Certificate Files
Your SSL Certificate files will be sent by email via your CA (Certificate Authority), download Certificate files and save it on your server directory.
For successful SSL installation, first you need to active SSL for customer domains & then you need to configure the SSL in GAE.
Step 2: Active the SSL Certificate for Custom Domain
- Open Google Admin Console & sign in with correct credentials.
- Now you need to add the app as service in Google Apps.
- Move to More controls > App Engine apps > Add services to your domain form the bottom of the page
- After entering your Application ID, click on Add it now
- By accepting the terms and condition click on Activate.
Now your users can access you application by entering your_app_name.appsspot.com
- To enter a sub-domain, click on Add new URL. This will give you an access to add new URL in to your google app’s primary domain (your_domain.com). Now add the sub-domain name (Example: playgame) and press Enter.
- Now your URL will be as your_domain.com
If you carry more domains in your google Apps account, then you need to select a domain for which you wish to add the new URL.
- Once you add the URL in to your google Apps & map it with sub-domain, you can now add the SSL Certificate
- Via Google Admin Console, move to Security > Show more > Advanced settings > SSL for Custom Domains.
- Enter your Application ID of the Google App Engine App which you wish to secure with SSL. (Note: You have to pay the SSL Charges for that App)
- Now click over Enable SSL for App Engine Applications
- This will add all the SSL charges for the selected application
- You are allowed to disable the SSL for a domain, sub-domain & Google app account in both Google Apps & App Engine console.
- You will be redirected to Google App Engine Admin Console for the application which you have secured with SSL. You may also require to login.
- Click on Enable, which activates the SSL for selected Application.
- Now, you will be redirected to Google Admin Console’s SSL page, you can now add VIPs & SNI certificate slots in your application & configure SSL certificate.
Step 3: Configure SSL Certificate for custom Domain
Upload the Certificate
- Sign in to your Google Admin Console
- Now click on Security > Advanced settings > Show more > SSL for Custom Domains
- Click on SSL Certificate configuration page > New certificate & press Upload.
- Click on Choose File button for Public Certificate
- Again follow the same for Private Key
- After selecting proper Public Certificate and Private Key, click on Upload
Your certificate and key file is uploaded, now configure the certificate.
Configure the Certificate
- Select a serving mode from dropdown list.
- There will be three serving methods available based on VIP of SNI Certificate slots or both.
- The serving options are ‘Not serving, SNI only, or SNI + VIP: <a VIP number>’.
- In SNI + VIP option the certificate is assigned to the listed VIP.
- Now select a specific URL form dropdown list and press Add button
- If you wish to change the CNAME record of the URL you’ve assigned you need to contact your DNS provider.
- Click on Save
Your SSL Certificate is now configured in Google App Engine.