-2

I'm looking to serve HTTPS downloads which are authenticated in both directions using mTLS, the requests and responses being signed with certificates issued by a private CA. The purpose of this is securing OTA updates of an embedded device (I need to identify and authorize both ends before downloading a FW image and PKI + mTLS is a very workable solution). A human being with a browser will never interact with this.

Google Cloud Functions terminate TLS by serving a public Google-issued HTTPS certificate. I can't seem to figure out how to make GCF serve HTTPS using a custom certificate (or to authorize incoming HTTPS requests only if the client certificate is signed by my private CA). Is that even possible? If yes, can anyone point me down the right document or example?

Tarmo
  • Update. This morning (2021-08-18) Google made a change to the PHP SDK: **Adds logic for detecting and loading the default client certificates for mTLS**. I have not reviewed these changes. Link: https://github.com/googleapis/google-auth-library-php/pull/353 I plan to investigate and I will update my answer if something new is happening. – John Hanley Aug 18 '21 at 23:10

1 Answer

3

Client certificates are not supported.

[Update 2023-06-23]

On June 16, 2023, Google announced preview support for mTLS. Read this announcement:

Introducing client authentication with Mutual TLS on Google Cloud Load Balancing

This part of the announcement affects services that use IAP for authorization (Cloud Run, Cloud Functions, etc):

mTLS enables Google security solutions such as Identity Aware Proxy to enforce client certificate-based access control for applications hosted on Google.

John Hanley
  • Thank you, I'll accept your answer and call it a day. Fortunately I have implemented my OTA service with PKI mTLS in a Cloud Compute VM (running a single pitiful Python script). It seems ripe for conversion into a Cloud Function but I guess the VM stays :) – Tarmo Aug 18 '21 at 11:35
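
The approach mentioned in the last comment, terminating mTLS yourself in a Python process on a VM, looks like this with only the standard library. This is an added example, not the poster's script and not Google code; the file paths, the port, the device CN allow-list and the firmware bytes are assumptions. It shows the two separate steps: the TLS handshake rejects any client whose certificate does not chain to the private CA, and the handler then authorizes the specific device identity.

```python
import ssl
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_DEVICES = {"device-0001", "device-0002"}  # hypothetical device CNs
FIRMWARE = b"\x7fFWIMG constructed placeholder image"  # constructed sample payload

def make_server_context(ca_file, cert_file, key_file):
    """Present our own cert and demand a client cert issued by the private CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    ctx.load_verify_locations(cafile=ca_file)  # only the private CA is trusted
    ctx.verify_mode = ssl.CERT_REQUIRED        # no valid client cert: handshake fails
    return ctx

def peer_common_name(peercert):
    """Return the subject CN from the dict produced by SSLSocket.getpeercert()."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def authorize_device(peercert, allowed=ALLOWED_DEVICES):
    """A valid chain only proves the CA issued the cert; still check which device it is."""
    cn = peer_common_name(peercert)
    return cn if cn in allowed else None

class FirmwareHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        device = authorize_device(self.connection.getpeercert())
        if device is None:
            self.send_error(403, "certificate not authorized for download")
            return
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(FIRMWARE)))
        self.end_headers()
        self.wfile.write(FIRMWARE)

def serve(ca_file, cert_file, key_file, port=8443):
    httpd = HTTPServer(("0.0.0.0", port), FirmwareHandler)
    ctx = make_server_context(ca_file, cert_file, key_file)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()

if __name__ == "__main__" and len(sys.argv) == 4:
    serve(*sys.argv[1:])  # usage: script.py ca.pem server.pem server.key
```

On the device side, the client pins the same private CA with `load_verify_locations` on its own context, which is what authenticates the server in the other direction.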