2

I need some help with setting up SSL for an app on GAE. I have a domain associated with my GAE app, through a Custom Domain managed with Google Apps. However my app is being accessed through a url belonging to an Alias. So for example my Google apps domain is abc.com and has an alias cde.com, my Appengine app is being accessed using the url https://cde.com

Now I'm trying to set up SSL and I've uploaded Certificates to Google Apps. Unfortunately I'm unable to use this certificate for my appengine app because it seems that domain aliases are not being recognized. I read the Certificate Requirements and it states:

Single Domain/Hostname Self-signed Wildcard Subject Alternative Name

Dosen't this mean that domain aliases would be supported by SSL on Appengine?

Kwame
  • 1,115
  • 2
  • 21
  • 38
  • Well as far as I know your ssl certificate wont work on the appspot.com domain, since you have signed it for you primary domain. – Ankur Jain Dec 31 '12 at 18:42
  • According to the documentation at https://developers.google.com/appengine/docs/ssl it should, if the appspot.com app has a custom domain in Google Apps. My problem is that the Custom Domain is not what my users are using to access the app. Instead they are using an alias of the Custom Domain. And it's this alias that I need to cover under the SSL. Hoever the SSL cert validation won't work if I use the alias name, only if I use the actual domain name – Kwame Dec 31 '12 at 18:54

2 Answers2

1

I'll try and it work's:

1- create config file

[req] 
distinguished_name = req_distinguished_name 
x509_extensions = v3_req 
prompt = no 
[req_distinguished_name] 
C = FR 
ST = HS 
L = Somewhere 
O = Organisation
OU = Organisation_Unit 
CN = *.yourcustomaliasdomain.com 
[v3_req] 
keyUsage = keyEncipherment, dataEncipherment 
extendedKeyUsage = serverAuth

Don't forget to replace *.yourcustomaliasdomain.com by domain config on app engine

2- Create RSA Key

openssl genrsa -out key.pem 2048

3- Create request signature

openssl req -new -key key.pem -out request.pem -config config

config is the config file

4- Create certificate

openssl x509 -req -days 3650 -in request.pem -signkey key.pem -out cert.pem

5- Upload and configure

Upload cert.pem and key.pem on your google apps console as explain here Choose your ssl type, normaly app engine url must match your certificate and you can add it.

lpe
  • 11
  • 1
0

Currently only the primary Google Apps domain is supported for SSL.

Also, it should be noted that @Ipe's answer created a self-signed certificate which will not be trusted by any browser and thus should only be used for development.

I found setting up SSL for app engine to be hard so I created a service to make it easier: http://www.volcanicpixels.com/ssl/

Daniel Chatfield
  • 2,952
  • 3
  • 19
  • 17