Sonntag, 10. August 2014

Google AppEngine and GoDaddy SSL certificate - renewal process

I just had to renew my AppEngine SSL certificate and as always I totally forogt how I did it the last time.

So here are steps. Maybe they prove helpful for someone else. :)

  1. First create a CSR (certificate signing request). Since I already had one for creating the certificate in the first place I reused it. Fire up Google if you need to know how it is done.
  2. Log into your GoDaddy account and follow the steps for the renewal.
  3. Be sure to select deployment on an external server! Otherwise GoDaddy uses it for there hosted products and you can't download it. 
  4. Download the certificate. It is a zip containing 2 files. Your certifcate and the certificate chain (something like gd_bundle-g2-g1.crt)
  5. Now here comes the most important part. The Google Management console always complaint that I need to upload the private key and the crt in unencrypted pem/x509 format. You have to combine the two files via
    1. cat YOUR_CERT.crt GODADDY_CERT_CHAIN.crt > your-crt-combined.pem
  6. After that upload this file together with your private key and you're good to go.

One last note: The SSL configuration doesn't take place in AppEngine settings but inside your Google Apps account.