I am running an MQTT broker behind a GKE LoadBalancer type service. The LB type service is an L4 load balancer, and I need to handle the TLS termination at my service/broker level.

I have associated an A record with the load balancer IP (say mqtt.example.com) and I am trying to get Google to issue a public certificate for mqtt.example.com (note that we manage example.com using Cloud DNS).

The issue is that Google-managed certificates do NOT share the private key, so I am not able to create the cert for my service. Is there any other way I can get a Google-issued cert + key so I can use it at my service level?

2 Answers

Google managed SSL certificates are only available for certain Google Cloud services. You cannot install the certificate on your own services. Google does not provide access to the private key.

Your options are to use a service such as Let's Encrypt or purchase a certificate.

John Hanley
Your use case to handle TLS termination within your broker/service is correct as L4 Load balancers cannot terminate SSL traffic. So you cannot use Google managed SSL certificates for it. It will be best to go with John's suggestion to use Let's Encrypt or purchase a certificate instead.

James S
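Both answers point at Let's Encrypt. As an added example (not from the question or either answer), here is one way to follow that suggestion inside GKE so that the private key ends up in a Kubernetes Secret the broker can mount. It assumes cert-manager is installed in the cluster and that its pod runs under a Kubernetes service account bound through Workload Identity to a Google service account with DNS admin rights on the Cloud DNS zone for example.com; the project id, contact address, namespace and broker image are placeholders. The DNS-01 challenge is used because an L4 load balancer in front of an MQTT listener exposes no HTTP endpoint for an HTTP-01 challenge.

```yaml
# Added example, not the question's or either answer's own configuration.
# Assumptions: cert-manager is installed in the GKE cluster, and its pod
# has ambient (Workload Identity) credentials that may edit the Cloud DNS
# zone for example.com. Project id and e-mail below are placeholders.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com           # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns-account  # ACME account key, created by cert-manager
    solvers:
    - dns01:
        cloudDNS:
          project: my-gcp-project    # placeholder project id
          # no serviceAccountSecretRef: ambient Workload Identity credentials
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mqtt-example-com
  namespace: mqtt                    # placeholder namespace
spec:
  secretName: mqtt-example-com-tls   # cert-manager writes tls.crt and tls.key here
  dnsNames:
  - mqtt.example.com
  issuerRef:
    name: letsencrypt-dns
    kind: ClusterIssuer
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always           # fresh private key at every renewal
---
# The broker pod mounts the Secret and terminates TLS itself.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mqtt-broker
  namespace: mqtt
spec:
  replicas: 1
  selector:
    matchLabels: {app: mqtt-broker}
  template:
    metadata:
      labels: {app: mqtt-broker}
    spec:
      containers:
      - name: broker
        image: eclipse-mosquitto:2   # placeholder; any broker reading PEM cert/key files
        ports:
        - containerPort: 8883
        volumeMounts:
        - name: tls
          mountPath: /mosquitto/certs  # broker config (not shown) points at these files
          readOnly: true
      volumes:
      - name: tls
        secret:
          secretName: mqtt-example-com-tls
---
apiVersion: v1
kind: Service
metadata:
  name: mqtt-broker
  namespace: mqtt
spec:
  type: LoadBalancer                 # L4 pass-through; TLS stays end-to-end to the pod
  selector: {app: mqtt-broker}
  ports:
  - name: mqtts
    port: 8883
    targetPort: 8883
```

After `kubectl apply -f` on these manifests, `kubectl get certificate -n mqtt` should report the Certificate as Ready, and `kubectl get secret mqtt-example-com-tls -n mqtt -o jsonpath='{.data.tls\.key}'` confirms the key material is present, which is exactly what a Google-managed certificate never exposes. Two things to check before relying on it: cert-manager renews before expiry and, with `rotationPolicy: Always`, replaces the key at the same time, so the broker must reopen the mounted files (a restart or a reload signal, depending on the broker); and the Secret grants whoever can read it the broker's identity, so restrict RBAC on that namespace accordingly.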