I have a website, say mySite.com, running on Google Cloud Engine, a Debian virtual machine. I’m looking to install an SSL certificate on this site so that Firefox won’t be showing the security error on the login field, for one thing (not very familiar with web security – excuse the naive wording).
I’m aware that SSL should be signed by a Central Authority (CA), and for this, I can either i.) pay and get it signed by a known CA, or ii.) create a CA myself and sign my own certification without paying anything. I am now trying the second option to see first how things work on GCE, and whether it’s sufficient for my purposes – that is, whether a self-certified SSL would provide the security on GCE.
I followed the commands on openSSL sign https_client certificate with CA and successfully ran the following in order:
// Generate CA key and cert:
openssl genrsa -out msite.CA.key 2048
openssl req -x509 -new -key msite.CA.key -days 3650 -out msite.CA.pem -subj '/C=AA/ST=aa/L=aaa/O=msite/OU=msite/CN=aa/emailAddress=sth'
// Generate client key and csr:
openssl genrsa -out mySite.com.key 2048
openssl req -new -key mySite.com.key -out mySite.com.csr -subj '/C=BB/ST=bb/L=bb/O=msite/OU=msite/CN=bb/emailAddress=bbb'
// Generate client cert signed with CA cert:
openssl x509 -req -days 365 -CA msite.CA.pem -CAkey msite.CA.key -CAcreateserial -CAserial serial -in mySite.com.csr -out mySite.com.pem
// verify:
openssl verify -verbose -CAfile msite.CA.pem mySite.com.pem
// the output to this is “mySite.com.pem: OK”
All seemed ok so far – all of the above commands ran without any errors. At this point, I ran the following (command from https://cloud.google.com/load-balancing/docs/ssl-certificates)
gcloud compute ssl-certificates create mysertificatee \
--certificate mySite.com.csr \
--private-key mySite.com.key
and got the error:
ERROR: (gcloud.compute.ssl-certificates.create) Some requests did not succeed:
- The SSL certificate could not be parsed.
What is the cause of the error? How do I fix it?
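A pre-upload check for the two files handed to `gcloud compute ssl-certificates create`, added here as an example and not part of the original post: it classifies each PEM file by its BEGIN label (signed certificate, CSR, private key) and, when `openssl` is installed, confirms that the certificate and the key carry the same public key. The function names `pem_kind` and `preflight` are hypothetical.

```bash
#!/bin/sh
# Added example (not from the original post). pem_kind and preflight are
# hypothetical helper names; file names in the usage follow the question.

# Print the kind of the first PEM object in a file, judged by its BEGIN label.
pem_kind() {
  label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
  case "$label" in
    "CERTIFICATE") echo certificate ;;
    "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
    "PRIVATE KEY"|"RSA PRIVATE KEY"|"EC PRIVATE KEY") echo private-key ;;
    "") echo not-pem ;;
    *) echo other ;;
  esac
}

# Return 0 only if $1 is a signed certificate, $2 is a private key and,
# when openssl is available, both contain the same public key.
preflight() {
  cert_kind=$(pem_kind "$1")
  key_kind=$(pem_kind "$2")
  if [ "$cert_kind" != certificate ]; then
    echo "--certificate: $1 is '$cert_kind', expected a signed certificate" >&2
    return 1
  fi
  if [ "$key_kind" != private-key ]; then
    echo "--private-key: $2 is '$key_kind', expected a private key" >&2
    return 1
  fi
  if command -v openssl >/dev/null 2>&1; then
    # Compare the SubjectPublicKeyInfo extracted from each file.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
      echo "certificate and private key do not belong together" >&2
      return 1
    fi
  fi
  return 0
}

# Script usage: sh preflight.sh mySite.com.pem mySite.com.key
if [ "$#" -eq 2 ]; then
  preflight "$1" "$2"
fi
```

Run against `mySite.com.csr` and `mySite.com.key`, the check stops at the first argument and reports it as a `csr` rather than a signed certificate.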