0

I have bought SSL certificate and would like to install it on my website hosted on google cloud platform. I have successfully installed the certificate on my Microsoft IIS 8 server and when I visit https://example.com connection is secured. However, I suppose, I need to finish installing process according to this guide. This doc says I need to upload a new certificate on the page App Engine page. But it accepts only PEM encoded RSA private key. The seller of this certificate didn't provide this key in a proper file type and all my attempts to convert it via OpenSLL failed. Is there another way to setup this certificate without difficult converting procedure?

John Topley
  • 113,588
  • 46
  • 195
  • 237
Pavel Poberezhnyi
  • 733
  • 13
  • 28
  • potentially related: https://stackoverflow.com/questions/38319559/google-app-engine-ssl-with-lets-encrypt-could-not-be-inserted/38319855#38319855 – Dan Cornilescu Sep 28 '17 at 00:50
  • what do you mean by `all my attempts to convert it via OpenSLL failed`? – Dan Cornilescu Sep 28 '17 at 00:50
  • Certificate seller sent me 2 files (with *.crt and *.p7b extension). But google cloud accepts only "Unencrypted PEM encoded RSA private key". Hence, I need to convert my current file with the private key to .pem extension – Pavel Poberezhnyi Sep 28 '17 at 00:56
  • The key is the one you obtained when you generated the `.csr` file which you submitted to your certificate provider. You convert it with `openssl rsa -in -text > .pem` – Dan Cornilescu Sep 28 '17 at 01:05
  • Unfortunately, I got this error "Unable to load Private Key. Expecting any private key" – Pavel Poberezhnyi Sep 28 '17 at 11:47

2 Answers2

1

To get the PEM and RSA key files required for the App Engine, do this:

  • Export the certificate from the IIS server in a PFX format (eg. server.pfx)
  • Transfer the file to a computer that has OpenSSL
  • Execute: openssl pkcs12 -in server.pfx -nokeys -out server.pem
  • Execute: openssl pkcs12 -in server.pfx -nocerts -out server.key
  • Execute: openssl rsa -in server.key -out server-no-password.key

Use the server.pem and server-no-password.key in your App Engine

Hames
  • 1,569
  • 1
  • 9
  • 6
0

As Dan Cornilescu mentioned openssl rsa -in <your_key_file> -text > <your_key_file>.pem is the way to convert request file. If u got an error "Unable to load Private Key. Expecting any private key" the way to fix it is to replace ">" for "-out"

Pavel Poberezhnyi
  • 733
  • 13
  • 28