how SNI works with google app engine?

Question

i found that google app engine support multiple custom domain in single google app engine application. possibly it can be done using multi-tenancy domain/namespace. and i want to use ssl for those multiple custom domain. i found its possible by SNI.

now my questions are: -how SNI works with google app engine? -do i need to buy separate SSL certificate for each domain and upload them into google app engine and google calls the mechanism as SNI? in that case will the CSR generation process for each domain?

-or is SNI something that google manages internally so that i can simply add my domains and apply SNI for those domains from google console and it simply works.

but i am not seeing any section in google console for SNI. no matter google charges for SNI or fee.

can someone please explain in short the SNI configuration process in google app engine?

Answer 1

There's no special section for SNI in the Cloud Console because SNI is the only protocol supported for custom domains on App Engine. It helps to read the documentation, specifically Using Custom Domains and SSL, for an explanation of how the service is implemented and how to configure SSL in the console.

App Engine supports the following certificate types:

• Single Domain/Hostname
• Self-signed
• Wildcard
• Subject Alternative Name (SAN) / Multi Domain

Currently wildcard and SAN certificates only support one level of subdomain. This information is also available in the same doc, in the section App Engine support for SSL certificates.