0

I have an application with python running on a google appengine SE.

Now, some servers expect a certain root ca installed on this application.

I have found information about list of root ca supported by gcp as below. https://pki.goog/repository/

The desirable ca was not found in the list and should be used on the application at ssl handshake somehow.

I would like to ask 2 questions.

  1. Is there any way to set root ca or extend the lists on an google appengine SE?
  2. Should I set a path or an environmental value to a certification file, referred by certifi module, in a source code?
Delta
  • 157
  • 13

1 Answers1

0

To answer your questions,

  1. The list of supported Root CAs you've mentioned pertains to Google-managed SSL certificates. Since your desired CA is not on the list, then you'll need to provision a self-managed SSL certificate. You can refer on this link for additional information/s.

  2. Google App Engine is a managed platform, so configuring SSL certificates are done in the Google Cloud Console, or through Client Libraries and APIs. All you need is to upload the certificate, and App Engine will handle the rest.

Note that you'll be responsible in maintaining self-managed certificates, as well as renewing it once it expires.

RJC
  • 1,224
  • 2
  • 12