1

I am trying to install a Comodo certificate that I ordered from SSLs.com on a Google App Engine custom domain, but I get an error:

The SSL certificate provided could not be inserted.

I checked that my key is 2048-bit length:

# openssl rsa -in myserver2.key.pem -text -noout
Private-Key: (2048 bit)

And I made sure that my certificate is appended to the ca-bundle:

cat xn--80aaxfchnde0hb.com.crt xn--80aaxfchnde0hb.com.ca-bundle > concat.crt

Besides that, I verified the md5 and the CAfile:

# openssl verify -verbose -CAfile concat.crt concat.crt 
concat.crt: OK

# openssl x509 -noout -modulus -in concat.crt |openssl md5
(stdin)= f83d...c3d

# openssl rsa -noout -modulus -in myserver2.key.pem | openssl md5
(stdin)= f83d...c3d

I also tried to convert the certificate to PEM:

openssl x509 -inform PEM -in concat.crt > concat.pem

I want to get a certificate for an xn- domain.

Castaglia

1 Answer

2

Google App Engine support for SSL certificates, quoted from the article:

App Engine supports the following certificate types:

  • Single Domain/Hostname
  • Self-signed
  • Wildcard
  • Subject Alternative Name (SAN) / Multi Domain

It requires some things of your certificates and keys:

  • Private Key and Certificate should be uploaded in PEM format.
  • Private Keys must not be encrypted.
  • A certificate file can contain at most five certificates; this number includes chained and intermediate certificates.
  • All subject names on the host certificate should match or be subdomains of the user's verified domains.
  • Private keys must use RSA encryption.
  • Maximum allowed key modulus: 2048 bits

If the host certificate requires an intermediate or chained certificate (as many Certificate Authorities (CAs) issue), you will need to append the intermediate or chained certificates to the end of the public certificate file.

Some App Engine features use special subdomains. For example, an application can use subdomains to address application services, or to address different versions of your application. To use these with SSL, it makes sense to set up a SAN or wildcard certificate. Wildcard certificates only support one level of subdomain.

For the steps to obtain a certificate, visit this article.

Kamran
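A pre-upload check for the structural requirements quoted in the answer above (PEM format, unencrypted key, at most five certificates, RSA key, modulus of at most 2048 bits), as an added example that is not part of the original answer or of Google's tooling. It assumes the key is in the traditional PKCS#1 `RSA PRIVATE KEY` form; `check_upload`, `rsa_modulus_bits`, `der_read` and the sample inputs are hypothetical names and constructed data.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def der_read(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(body):
    """Modulus size in bits of a PKCS#1 RSAPrivateKey, given its base64 PEM body."""
    der = base64.b64decode("".join(body.split()))
    _, seq, _ = der_read(der, 0)        # outer SEQUENCE
    _, _, pos = der_read(seq, 0)        # version INTEGER
    _, modulus, _ = der_read(seq, pos)  # modulus INTEGER
    return int.from_bytes(modulus, "big").bit_length()

def check_upload(cert_text, key_text):
    """Return a list of problems; an empty list means every check here passed."""
    problems = []
    certs = [b for b in PEM_RE.findall(cert_text) if b[0] == "CERTIFICATE"]
    if not 1 <= len(certs) <= 5:
        problems.append(f"{len(certs)} certificates in file, expected 1 to 5")
    keys = [b for b in PEM_RE.findall(key_text) if b[0].endswith("PRIVATE KEY")]
    if len(keys) != 1:
        return problems + ["expected exactly one PEM private key"]
    label, body = keys[0]
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        problems.append("private key is encrypted")
    elif label != "RSA PRIVATE KEY":
        problems.append("not a PKCS#1 RSA PRIVATE KEY block; type and size not checked")
    elif rsa_modulus_bits(body) > 2048:
        problems.append("RSA modulus is larger than 2048 bits")
    return problems

# Constructed sample: six placeholder certificate blocks and a legacy encrypted key.
SAMPLE_CHAIN = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n" * 6
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(check_upload(SAMPLE_CHAIN, SAMPLE_KEY))
```

The check is purely structural: it does not verify the chain, the subject names against the verified domains, or that the key matches the certificate, which the `openssl` commands in the question cover.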